<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="common/css/sf.css" rel="stylesheet" type="text/css" />
<title>Smallstep: Small-step Operational Semantics</title>
<link href="common/jquery-ui/jquery-ui.css" rel="stylesheet">
<script src="common/jquery-ui/external/jquery/jquery.js"></script>
<script src="common/jquery-ui/jquery-ui.js"></script>
<script src="common/toggleproofs.js"></script>
<link href="common/css/plf.css" rel="stylesheet" type="text/css"/>
</head>

<body>

<div id="page">

<div id="header">
<div id='logoinheader'><a href='https://softwarefoundations.cis.upenn.edu'>
<img src='common/media/image/sf_logo_sm.png' alt='Software Foundations Logo'></a></div>
<div class='booktitleinheader'><a href='index.html'>Volume 2: Programming Language Foundations</a></div>
<ul id='menu'>
   <li class='section_name'><a href='toc.html'>Table of Contents</a></li>
   <li class='section_name'><a href='coqindex.html'>Index</a></li>
   <li class='section_name'><a href='deps.html'>Roadmap</a></li>
</ul>
</div>

<div id="main">

<h1 class="libtitle">Smallstep<span class="subtitle">Small-step Operational Semantics</span></h1>


<div class="code">

<span class="id" title="keyword">Set</span> <span class="id" title="var">Warnings</span> "-notation-overridden,-parsing,-deprecated-hint-without-locality".<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Arith.html#"><span class="id" title="library">Arith.Arith</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.EqNat.html#"><span class="id" title="library">Arith.EqNat</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#"><span class="id" title="library">Init.Nat</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.micromega.Lia.html#"><span class="id" title="library">Lia</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#"><span class="id" title="library">Lists.List</span></a>. <span class="id" title="keyword">Import</span> <span class="id" title="var">ListNotations</span>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">PLF</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <span class="id" title="library">Maps</span>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">PLF</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <span class="id" title="library">Imp</span>.<br/>
</div>

<div class="doc">
The evaluators we have seen so far (for <span class="inlinecode"><span class="id" title="var">aexp</span></span>s, <span class="inlinecode"><span class="id" title="var">bexp</span></span>s,
    commands, ...) have been formulated in a "big-step" style: they
    specify how a given expression can be evaluated to its final
    value (or a command plus a store to a final store) "all in one big
    step."

<div class="paragraph"> </div>

    This style is simple and natural for many purposes -- indeed,
    Gilles Kahn, who popularized it, called it <i>natural semantics</i>.
    But there are some things it does not do well.  In particular, it
    does not give us a natural way of talking about <i>concurrent</i>
    programming languages, where the semantics of a program -- i.e.,
    the essence of how it behaves -- is not just which input states
    get mapped to which output states, but also includes the
    intermediate states that it passes through along the way, since
    these states can also be observed by concurrently executing code.

<div class="paragraph"> </div>

    Another shortcoming of the big-step style is more technical, but
    critical in many situations.  Suppose we want to define a variant
    of Imp where variables could hold <i>either</i> numbers <i>or</i> lists of
    numbers.  In the syntax of this extended language, it will be
    possible to write strange expressions like <span class="inlinecode">2</span> <span class="inlinecode">+</span> <span class="inlinecode"><span class="id" title="var">nil</span></span>, and our
    semantics for arithmetic expressions will then need to say
    something about how such expressions behave.  One possibility is
    to maintain the convention that every arithmetic expression
    evaluates to some number by choosing some way of viewing a list as
    a number -- e.g., by specifying that a list should be interpreted
    as <span class="inlinecode">0</span> when it occurs in a context expecting a number.  But this
    is really a bit of a hack.

<div class="paragraph"> </div>

    A much more natural approach is simply to say that the behavior of
    an expression like <span class="inlinecode">2+<span class="id" title="var">nil</span></span> is <i>undefined</i> -- i.e., it doesn't
    evaluate to any result at all.  And we can easily do this: we just
    have to formulate <span class="inlinecode"><span class="id" title="var">aeval</span></span> and <span class="inlinecode"><span class="id" title="var">beval</span></span> as <span class="inlinecode"><span class="id" title="keyword">Inductive</span></span> propositions
    rather than <span class="inlinecode"><span class="id" title="keyword">Fixpoint</span></span>s, so that we can make them partial functions
    instead of total ones.

<div class="paragraph"> </div>

    Now, however, we encounter a serious deficiency.  In this
    language, a command might fail to map a given starting state to
    any ending state for <i>two quite different reasons</i>: either because
    the execution gets into an infinite loop or because, at some
    point, the program tries to do an operation that makes no sense,
    such as adding a number to a list, so that none of the evaluation
    rules can be applied.

<div class="paragraph"> </div>

    These two outcomes -- nontermination vs. getting stuck in an
    erroneous configuration -- should not be confused.  In particular, we
    want to <i>allow</i> the first (permitting the possibility of infinite
    loops is the price we pay for the convenience of programming with
    general looping constructs like <span class="inlinecode"><span class="id" title="var">while</span></span>) but <i>prevent</i> the
    second (which is just wrong), for example by adding some form of
    <i>typechecking</i> to the language.  Indeed, this will be a major
    topic for the rest of the course.  As a first step, we need a way
    of presenting the semantics that allows us to distinguish
    nontermination from erroneous "stuck states."

<div class="paragraph"> </div>

    So, for lots of reasons, we'd often like to have a finer-grained
    way of defining and reasoning about program behaviors.  This is
    the topic of the present chapter.  Our goal is to replace the
    "big-step" <span class="inlinecode"><span class="id" title="tactic">eval</span></span> relation with a "small-step" relation that
    specifies, for a given program, how the "atomic steps" of
    computation are performed. 
</div>

<div class="doc">
<a id="lab149"></a><h1 class="section">A Toy Language</h1>

<div class="paragraph"> </div>

 To save space in the discussion, let's go back to an
    incredibly simple language containing just constants and
    addition.  (We use single letters -- <span class="inlinecode"><span class="id" title="var">C</span></span> and <span class="inlinecode"><span class="id" title="var">P</span></span> (for Constant and
    Plus) -- as constructor names, for brevity.)  At the end of the
    chapter, we'll see how to apply the same techniques to the full
    Imp language.  
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="tm" class="idref" href="#tm"><span class="id" title="inductive">tm</span></a> : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;| <a id="C" class="idref" href="#C"><span class="id" title="constructor">C</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:1"><span class="id" title="inductive">tm</span></a>         <span class="comment">(*&nbsp;Constant&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="P" class="idref" href="#P"><span class="id" title="constructor">P</span></a> : <a class="idref" href="Smallstep.html#tm:1"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:1"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:1"><span class="id" title="inductive">tm</span></a>. <span class="comment">(*&nbsp;Plus&nbsp;*)</span><br/>
</div>

<div class="doc">
Here is a standard evaluator for this language, written in
    the big-step style that we've been using up to this point. 
</div>
<div class="code">

<span class="id" title="keyword">Fixpoint</span> <a id="evalF" class="idref" href="#evalF"><span class="id" title="definition">evalF</span></a> (<a id="t:3" class="idref" href="#t:3"><span class="id" title="binder">t</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a>) : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <a class="idref" href="Smallstep.html#t:3"><span class="id" title="variable">t</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;| <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <span class="id" title="var">n</span> ⇒ <span class="id" title="var">n</span><br/>
&nbsp;&nbsp;| <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>2</sub></span> ⇒ <a class="idref" href="Smallstep.html#evalF:4"><span class="id" title="definition">evalF</span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#evalF:4"><span class="id" title="definition">evalF</span></a> <span class="id" title="var">t<sub>2</sub></span><br/>
&nbsp;&nbsp;<span class="id" title="keyword">end</span>.<br/>
</div>

<div class="doc">
Here is the same evaluator, written in exactly the same
    style, but formulated as an inductively defined relation.
    We use the notation <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">==&gt;</span> <span class="inlinecode"><span class="id" title="var">n</span></span> for "<span class="inlinecode"><span class="id" title="var">t</span></span> evaluates to <span class="inlinecode"><span class="id" title="var">n</span></span>." 
<div class="paragraph"> </div>

<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">&nbsp;&nbsp;</td>
  <td class="infrulenamecol" rowspan="3">
    (E_Const) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">C n ==> n</td>
  <td></td>
</td>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> ==> n<sub>1</sub></td>
  <td></td>
</td>
<tr class="infruleassumption">
  <td class="infrule">t<sub>2</sub> ==> n<sub>2</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (E_Plus) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P t<sub>1</sub> t<sub>2</sub> ==> n<sub>1</sub> + n<sub>2</sub></td>
  <td></td>
</td>
</table></center>
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; t '==&gt;' n " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 50, <span class="id" title="tactic">left</span> <span class="id" title="keyword">associativity</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="eval" class="idref" href="#eval"><span class="id" title="inductive">eval</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="E_Const" class="idref" href="#E_Const"><span class="id" title="constructor">E_Const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:8" class="idref" href="#n:8"><span class="id" title="binder">n</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:8"><span class="id" title="variable">n</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:8"><span class="id" title="variable">n</span></a><br/>
&nbsp;&nbsp;| <a id="E_Plus" class="idref" href="#E_Plus"><span class="id" title="constructor">E_Plus</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:9" class="idref" href="#t<sub>1</sub>:9"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:10" class="idref" href="#t<sub>2</sub>:10"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="n<sub>1</sub>:11" class="idref" href="#n<sub>1</sub>:11"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:12" class="idref" href="#n<sub>2</sub>:12"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:9"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:11"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:10"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:12"><span class="id" title="variable">n<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:9"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:10"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#n<sub>1</sub>:11"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:12"><span class="id" title="variable">n<sub>2</sub></span></a><a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">)</span></a><br/>
<br/>
<span class="id" title="keyword">where</span> <a id="7cf9375cc810cd6cb65186f6ede01686" class="idref" href="#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">&quot;</span></a> t '==&gt;' n " := (<a class="idref" href="Smallstep.html#eval:7"><span class="id" title="inductive">eval</span></a> <span class="id" title="var">t</span> <span class="id" title="var">n</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Module</span> <a id="SimpleArith1" class="idref" href="#SimpleArith1"><span class="id" title="module">SimpleArith1</span></a>.<br/>
</div>

<div class="doc">
Now, here is the corresponding <i>small-step</i> evaluation relation.  <center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">&nbsp;&nbsp;</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_PlusConstConst) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P (C n<sub>1</sub>) (C n<sub>2</sub>) <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> C (n<sub>1</sub> + n<sub>2</sub>)</td>
  <td></td>
</td>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Plus1) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P t<sub>1</sub> t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> P t<sub>1</sub>' t<sub>2</sub></td>
  <td></td>
</td>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>2</sub>'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Plus2) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P (C n<sub>1</sub>) t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> P (C n<sub>1</sub>) t<sub>2</sub>'</td>
  <td></td>
</td>
</table></center>
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="SimpleArith1.step" class="idref" href="#SimpleArith1.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="SimpleArith1.ST_PlusConstConst" class="idref" href="#SimpleArith1.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:15" class="idref" href="#n<sub>1</sub>:15"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:16" class="idref" href="#n<sub>2</sub>:16"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:15"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:16"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:15"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:16"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="SimpleArith1.ST_Plus1" class="idref" href="#SimpleArith1.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:17" class="idref" href="#t<sub>1</sub>:17"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':18" class="idref" href="#t<sub>1</sub>':18"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:19" class="idref" href="#t<sub>2</sub>:19"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:17"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':18"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:17"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:19"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':18"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:19"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="SimpleArith1.ST_Plus2" class="idref" href="#SimpleArith1.ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:20" class="idref" href="#n<sub>1</sub>:20"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="t<sub>2</sub>:21" class="idref" href="#t<sub>2</sub>:21"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':22" class="idref" href="#t<sub>2</sub>':22"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:21"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':22"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:20"><span class="id" title="variable">n<sub>1</sub></span></a>) <a class="idref" href="Smallstep.html#t<sub>2</sub>:21"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:20"><span class="id" title="variable">n<sub>1</sub></span></a>) <a class="idref" href="Smallstep.html#t<sub>2</sub>':22"><span class="id" title="variable">t<sub>2</sub>'</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="SimpleArith1.:::x_'--&gt;'_x" class="idref" href="#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:14"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/>
</div>

<div class="doc">
Things to notice:

<div class="paragraph"> </div>

<ul class="doclist">
<li> We are defining just a single reduction step, in which
      one <span class="inlinecode"><span class="id" title="var">P</span></span> node is replaced by its value.

<div class="paragraph"> </div>


</li>
<li> Each step finds the <i>leftmost</i> <span class="inlinecode"><span class="id" title="var">P</span></span> node that is ready to
      go (both of its operands are constants) and rewrites it in
      place.  The first rule tells how to rewrite this <span class="inlinecode"><span class="id" title="var">P</span></span> node
      itself; the other two rules tell how to find it.

<div class="paragraph"> </div>


</li>
<li> A term that is just a constant cannot take a step. 
</li>
</ul>

<div class="paragraph"> </div>

 Let's pause and check a couple of examples of reasoning with
    the <span class="inlinecode"><span class="id" title="var">step</span></span> relation... 
<div class="paragraph"> </div>

 If <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> can take a step to <span class="inlinecode"><span class="id" title="var">t<sub>1</sub>'</span></span>, then <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> steps
    to <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub>'</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>: 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="SimpleArith1.test_step_1" class="idref" href="#SimpleArith1.test_step_1"><span class="id" title="definition">test_step_1</span></a> :<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 1) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4)).<br/>
<div class="togglescript" id="proofcontrol1" onclick="toggleDisplay('proof1');toggleDisplay('proofcontrol1')"><span class="show"></span></div>
<div class="proofscript" id="proof1" onclick="toggleDisplay('proof1');toggleDisplay('proofcontrol1')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#SimpleArith1.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#SimpleArith1.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. <span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab150"></a><h4 class="section">Exercise: 1 star, standard (test_step_2)</h4>
 Right-hand sides of sums can take a step only when the
    left-hand side is finished: if <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> can take a step to <span class="inlinecode"><span class="id" title="var">t<sub>2</sub>'</span></span>,
    then <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode">(<span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span>)</span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> steps to <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode">(<span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span>)</span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub>'</span></span>: 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="SimpleArith1.test_step_2" class="idref" href="#SimpleArith1.test_step_2"><span class="id" title="definition">test_step_2</span></a> :<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 1) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3)))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#SimpleArith1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4)).<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="code">

<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#SimpleArith1"><span class="id" title="module">SimpleArith1</span></a>.<br/>
</div>

<div class="doc">
<a id="lab151"></a><h1 class="section">Relations</h1>

<div class="paragraph"> </div>

 We will be working with several different single-step relations,
    so it is helpful to generalize a bit and state a few definitions
    and theorems about relations in general.  (The optional chapter
    <span class="inlinecode"><span class="id" title="var">Rel.v</span></span> develops some of these ideas in a bit more detail; it may
    be useful if the treatment here feels too terse.) 
<div class="paragraph"> </div>

 A <i>binary relation</i> on a set <span class="inlinecode"><span class="id" title="var">X</span></span> is a family of propositions
    parameterized by two elements of <span class="inlinecode"><span class="id" title="var">X</span></span> -- i.e., a proposition about
    pairs of elements of <span class="inlinecode"><span class="id" title="var">X</span></span>.  
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="relation" class="idref" href="#relation"><span class="id" title="definition">relation</span></a> (<a id="X:23" class="idref" href="#X:23"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>) := <a class="idref" href="Smallstep.html#X:23"><span class="id" title="variable">X</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#X:23"><span class="id" title="variable">X</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span>.<br/>
</div>

<div class="doc">
Our main examples of such relations in this chapter will be
    the single-step reduction relation, <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span>, and its multi-step
    variant, <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> (defined below), but there are many other
    examples -- e.g., the "equals," "less than," "less than or equal
    to," and "is the square of" relations on numbers, and the "prefix
    of" relation on lists and strings. 
<div class="paragraph"> </div>

 One simple property of the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> relation is that, like the
    big-step evaluation relation for Imp, it is <i>deterministic</i>.

<div class="paragraph"> </div>

    <i>Theorem</i>: For each <span class="inlinecode"><span class="id" title="var">t</span></span>, there is at most one <span class="inlinecode"><span class="id" title="var">t'</span></span> such that <span class="inlinecode"><span class="id" title="var">t</span></span>
    steps to <span class="inlinecode"><span class="id" title="var">t'</span></span> (<span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span> is provable). 
<div class="paragraph"> </div>

 <i>Proof sketch</i>: We show that if <span class="inlinecode"><span class="id" title="var">x</span></span> steps to both <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span> and
    <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span>, then <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span> are equal, by induction on a derivation
    of <span class="inlinecode"><span class="id" title="var">step</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span>.  There are several cases to consider, depending on
    the last rule used in this derivation and the last rule in the
    given derivation of <span class="inlinecode"><span class="id" title="var">step</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span>.

<div class="paragraph"> </div>

<ul class="doclist">
<li> If both are <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span>, the result is immediate.

<div class="paragraph"> </div>


</li>
<li> The cases when both derivations end with <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> or
        <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span> follow by the induction hypothesis.

<div class="paragraph"> </div>


</li>
<li> It cannot happen that one is <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span> and the other
        is <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> or <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span>, since this would imply that <span class="inlinecode"><span class="id" title="var">x</span></span>
        has the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> where both <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> are
        constants (by <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span>) <i>and</i> one of <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> or <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>
        has the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">_</span></span>.

<div class="paragraph"> </div>


</li>
<li> Similarly, it cannot happen that one is <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> and the
        other is <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span>, since this would imply that <span class="inlinecode"><span class="id" title="var">x</span></span> has the
        form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> where <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> has both the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>11</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>12</sub></span></span> and the
        form <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span>. <font size=-2>&#9744;</font> 
</li>
</ul>

<div class="paragraph"> </div>

 Formally: 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="deterministic" class="idref" href="#deterministic"><span class="id" title="definition">deterministic</span></a> {<a id="X:24" class="idref" href="#X:24"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>} (<a id="R:25" class="idref" href="#R:25"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:24"><span class="id" title="variable">X</span></a>) :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">∀</span> <a id="x:26" class="idref" href="#x:26"><span class="id" title="binder">x</span></a> <a id="y<sub>1</sub>:27" class="idref" href="#y<sub>1</sub>:27"><span class="id" title="binder">y<sub>1</sub></span></a> <a id="y<sub>2</sub>:28" class="idref" href="#y<sub>2</sub>:28"><span class="id" title="binder">y<sub>2</sub></span></a> : <a class="idref" href="Smallstep.html#X:24"><span class="id" title="variable">X</span></a>, <a class="idref" href="Smallstep.html#R:25"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:26"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y<sub>1</sub>:27"><span class="id" title="variable">y<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#R:25"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:26"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y<sub>2</sub>:28"><span class="id" title="variable">y<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#y<sub>1</sub>:27"><span class="id" title="variable">y<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#y<sub>2</sub>:28"><span class="id" title="variable">y<sub>2</sub></span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Module</span> <a id="SimpleArith2" class="idref" href="#SimpleArith2"><span class="id" title="module">SimpleArith2</span></a>.<br/>
<span class="id" title="keyword">Import</span> <span class="id" title="var">SimpleArith1</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Theorem</span> <a id="SimpleArith2.step_deterministic" class="idref" href="#SimpleArith2.step_deterministic"><span class="id" title="lemma">step_deterministic</span></a>:<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> <a class="idref" href="Smallstep.html#SimpleArith1.step"><span class="id" title="inductive">step</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a>. <span class="id" title="tactic">intros</span> <span class="id" title="var">x</span> <span class="id" title="var">y<sub>1</sub></span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">Hy<sub>1</sub></span> <span class="id" title="var">Hy<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">y<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">Hy<sub>1</sub></span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">Hy<sub>2</sub></span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_PlusConstConst&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>2</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_PlusConstConst&nbsp;*)</span> <span class="id" title="tactic">reflexivity</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus1&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">H<sub>2</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus2&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">H<sub>2</sub></span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Plus1&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>2</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_PlusConstConst&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>1</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHHy1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">rewrite</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">reflexivity</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>1</sub></span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Plus2&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>2</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_PlusConstConst&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>1</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus1&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">H<sub>2</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Plus2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHHy1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">rewrite</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">reflexivity</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#SimpleArith2"><span class="id" title="module">SimpleArith2</span></a>.<br/>
</div>

<div class="doc">
There is some annoying repetition in this proof.  Each use of
    <span class="inlinecode"><span class="id" title="tactic">inversion</span></span> <span class="inlinecode"><span class="id" title="var">Hy<sub>2</sub></span></span> results in three subcases, only one of which is
    relevant (the one that matches the current case in the induction
    on <span class="inlinecode"><span class="id" title="var">Hy<sub>1</sub></span></span>).  The other two subcases need to be dismissed by finding
    the contradiction among the hypotheses and doing inversion on it.

<div class="paragraph"> </div>

    The following custom tactic, called <span class="inlinecode"><span class="id" title="var">solve_by_inverts</span></span>, can be
    helpful in such cases.  It will solve the goal if it can be solved
    by inverting some hypothesis; otherwise, it fails. 
</div>
<div class="code">

<span class="id" title="keyword">Ltac</span> <span class="id" title="var">solve_by_inverts</span> <span class="id" title="var">n</span> :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <span class="id" title="keyword">goal</span> <span class="id" title="keyword">with</span> | <span class="id" title="var">H</span> : ?<span class="id" title="var">T</span> &#x22A2; <span class="id" title="var">_</span> ⇒<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <span class="id" title="keyword">type</span> <span class="id" title="keyword">of</span> <span class="id" title="var">T</span> <span class="id" title="keyword">with</span> <span class="id" title="keyword">Prop</span> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">solve</span> [<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">H</span>;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">match</span> <span class="id" title="var">n</span> <span class="id" title="keyword">with</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> (?<span class="id" title="var">n'</span>)) ⇒ <span class="id" title="tactic">subst</span>; <span class="id" title="var">solve_by_inverts</span> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <span class="id" title="var">n'</span>) <span class="id" title="keyword">end</span> ]<br/>
&nbsp;&nbsp;<span class="id" title="keyword">end</span> <span class="id" title="keyword">end</span>.<br/>
</div>

<div class="doc">
The details of how this works are not important for now, but it
    illustrates the power of Coq's <span class="inlinecode"><span class="id" title="keyword">Ltac</span></span> language for
    programmatically defining special-purpose tactics.  It looks
    through the current proof state for a hypothesis <span class="inlinecode"><span class="id" title="var">H</span></span> (the first
    <span class="inlinecode"><span class="id" title="keyword">match</span></span>) of type <span class="inlinecode"><span class="id" title="keyword">Prop</span></span> (the second <span class="inlinecode"><span class="id" title="keyword">match</span></span>) such that performing
    inversion on <span class="inlinecode"><span class="id" title="var">H</span></span> (followed by a recursive invocation of the same
    tactic, if its argument <span class="inlinecode"><span class="id" title="var">n</span></span> is greater than one) completely solves
    the current goal.  If no such hypothesis exists, it fails.

<div class="paragraph"> </div>

    We will usually want to call <span class="inlinecode"><span class="id" title="var">solve_by_inverts</span></span> with argument
    <span class="inlinecode">1</span> (especially as larger arguments can lead to very slow proof
    checking), so we define <span class="inlinecode"><span class="id" title="var">solve_by_invert</span></span> as a shorthand for this
    case. 
</div>
<div class="code">

<span class="id" title="keyword">Ltac</span> <span class="id" title="var">solve_by_invert</span> :=<br/>
&nbsp;&nbsp;<span class="id" title="var">solve_by_inverts</span> 1.<br/>
</div>

<div class="doc">
The proof of the previous theorem can now be simplified... 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="SimpleArith3" class="idref" href="#SimpleArith3"><span class="id" title="module">SimpleArith3</span></a>.<br/>
<span class="id" title="keyword">Import</span> <span class="id" title="var">SimpleArith1</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Theorem</span> <a id="SimpleArith3.step_deterministic_alt" class="idref" href="#SimpleArith3.step_deterministic_alt"><span class="id" title="lemma">step_deterministic_alt</span></a>: <a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> <a class="idref" href="Smallstep.html#SimpleArith1.step"><span class="id" title="inductive">step</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">x</span> <span class="id" title="var">y<sub>1</sub></span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">Hy<sub>1</sub></span> <span class="id" title="var">Hy<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">y<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">Hy<sub>1</sub></span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">Hy<sub>2</sub></span>;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Hy<sub>2</sub></span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_PlusConstConst&nbsp;*)</span> <span class="id" title="tactic">reflexivity</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Plus1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHHy1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">rewrite</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">reflexivity</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Plus2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHHy1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">rewrite</span> <span class="id" title="var">H<sub>2</sub></span>. <span class="id" title="tactic">reflexivity</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#SimpleArith3"><span class="id" title="module">SimpleArith3</span></a>.<br/>
</div>

<div class="doc">
<a id="lab152"></a><h2 class="section">Values</h2>

<div class="paragraph"> </div>

 Next, it will be useful to slightly reformulate the
    definition of single-step reduction by stating it in terms of
    "values." 
<div class="paragraph"> </div>

 It can be useful to think of the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> relation as defining an
    <i>abstract machine</i>:

<div class="paragraph"> </div>

<ul class="doclist">
<li> At any moment, the <i>state</i> of the machine is a term.

<div class="paragraph"> </div>


</li>
<li> A <i>step</i> of the machine is an atomic unit of computation --
        here, a single "add" operation.

<div class="paragraph"> </div>


</li>
<li> The <i>halting states</i> of the machine are ones where there is no
        more computation to be done. 
</li>
</ul>

<div class="paragraph"> </div>

 We can then <i>execute</i> a term <span class="inlinecode"><span class="id" title="var">t</span></span> as follows:

<div class="paragraph"> </div>

<ul class="doclist">
<li> Take <span class="inlinecode"><span class="id" title="var">t</span></span> as the starting state of the machine.

<div class="paragraph"> </div>


</li>
<li> Repeatedly use the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> relation to find a sequence of
        machine states, starting with <span class="inlinecode"><span class="id" title="var">t</span></span>, where each state steps to
        the next.

<div class="paragraph"> </div>


</li>
<li> When no more reduction is possible, "read out" the final state
        of the machine as the result of execution. 
</li>
</ul>

<div class="paragraph"> </div>

 Intuitively, it is clear that the final states of the
    machine are always terms of the form <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span> for some <span class="inlinecode"><span class="id" title="var">n</span></span>.
    We call such terms <i>values</i>. 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="value" class="idref" href="#value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="v_const" class="idref" href="#v_const"><span class="id" title="constructor">v_const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:31" class="idref" href="#n:31"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#value:29"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:31"><span class="id" title="variable">n</span></a>).<br/>
</div>

<div class="doc">
Having introduced the idea of values, we can use it in the
    definition of the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> relation to write <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span> rule in a
    slightly more elegant way: 
<div class="paragraph"> </div>

 <center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">&nbsp;&nbsp;</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_PlusConstConst) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P (C n<sub>1</sub>) (C n<sub>2</sub>) <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> C (n<sub>1</sub> + n<sub>2</sub>)</td>
  <td></td>
</td>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Plus1) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P t<sub>1</sub> t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> P t<sub>1</sub>' t<sub>2</sub></td>
  <td></td>
</td>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">value v<sub>1</sub></td>
  <td></td>
</td>
<tr class="infruleassumption">
  <td class="infrule">t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>2</sub>'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Plus2) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">P v<sub>1</sub> t<sub>2</sub> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> P v<sub>1</sub> t<sub>2</sub>'</td>
  <td></td>
</td>
</table></center> 
<div class="paragraph"> </div>

 Again, the variable names in the informal presentation carry
    important information: by convention, <span class="inlinecode"><span class="id" title="var">v<sub>1</sub></span></span> ranges only over
    values, while <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> range over arbitrary terms.  (Given
    this convention, the explicit <span class="inlinecode"><span class="id" title="var">value</span></span> hypothesis is arguably
    redundant, since the naming convention tells us where to add it
    when translating the informal rule to Coq.  We'll keep it for now,
    to maintain a close correspondence between the informal and Coq
    versions of the rules, but later on we'll drop it in informal
    rules for brevity.) 
<div class="paragraph"> </div>

  Here are the formal rules: 
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="step" class="idref" href="#step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="ST_PlusConstConst" class="idref" href="#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:34" class="idref" href="#n<sub>1</sub>:34"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:35" class="idref" href="#n<sub>2</sub>:35"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:34"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:35"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:34"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:35"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="ST_Plus1" class="idref" href="#ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:36" class="idref" href="#t<sub>1</sub>:36"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':37" class="idref" href="#t<sub>1</sub>':37"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:38" class="idref" href="#t<sub>2</sub>:38"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:36"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':37"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:36"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:38"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':37"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:38"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="ST_Plus2" class="idref" href="#ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:39" class="idref" href="#v<sub>1</sub>:39"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:40" class="idref" href="#t<sub>2</sub>:40"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':41" class="idref" href="#t<sub>2</sub>':41"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:39"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a>                     <span class="comment">(*&nbsp;&lt;---&nbsp;n.b.&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:40"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':41"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:39"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:40"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:39"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':41"><span class="id" title="variable">t<sub>2</sub>'</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id=":::x_'--&gt;'_x" class="idref" href="#:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:33"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/>
</div>

<div class="doc">
<a id="lab153"></a><h4 class="section">Exercise: 3 stars, standard, especially useful (redo_determinism)</h4>
 As a sanity check on this change, let's re-verify determinism.
    Here's an informal proof:

<div class="paragraph"> </div>

    <i>Proof sketch</i>: We must show that if <span class="inlinecode"><span class="id" title="var">x</span></span> steps to both <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span> and
    <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span>, then <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span> are equal.  Consider the final rules used
    in the derivations of <span class="inlinecode"><span class="id" title="var">step</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode"><span class="id" title="var">y<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">step</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode"><span class="id" title="var">y<sub>2</sub></span></span>.

<div class="paragraph"> </div>

<ul class="doclist">
<li> If both are <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span>, the result is immediate.

<div class="paragraph"> </div>


</li>
<li> It cannot happen that one is <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span> and the other
      is <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> or <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span>, since this would imply that <span class="inlinecode"><span class="id" title="var">x</span></span> has
      the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> where both <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> are constants (by
      <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span>) <i>and</i> one of <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> or <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> has the form <span class="inlinecode"><span class="id" title="var">P</span></span>
      <span class="inlinecode"><span class="id" title="var">_</span></span>.

<div class="paragraph"> </div>


</li>
<li> Similarly, it cannot happen that one is <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> and the other
      is <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span>, since this would imply that <span class="inlinecode"><span class="id" title="var">x</span></span> has the form <span class="inlinecode"><span class="id" title="var">P</span></span>
      <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> where <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> both has the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>11</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>12</sub></span></span> and is a
      value (hence has the form <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span>).

<div class="paragraph"> </div>


</li>
<li> The cases when both derivations end with <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> or
      <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span> follow by the induction hypothesis. <font size=-2>&#9744;</font> 
</li>
</ul>

<div class="paragraph"> </div>

 Most of this proof is the same as the one above.  But to get
    maximum benefit from the exercise you should try to write your
    formal version from scratch and just use the earlier one if you
    get stuck. 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="step_deterministic" class="idref" href="#step_deterministic"><span class="id" title="lemma">step_deterministic</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab154"></a><h2 class="section">Strong Progress and Normal Forms</h2>

<div class="paragraph"> </div>

 The definition of single-step reduction for our toy language
    is fairly simple, but for a larger language it would be easy to
    forget one of the rules and accidentally create a situation where
    some term cannot take a step even though it has not been
    completely reduced to a value.  The following theorem shows that
    we did not, in fact, make such a mistake here. 
<div class="paragraph"> </div>

 <i>Theorem</i> (<i>Strong Progress</i>): If <span class="inlinecode"><span class="id" title="var">t</span></span> is a term, then either <span class="inlinecode"><span class="id" title="var">t</span></span>
    is a value or else there exists a term <span class="inlinecode"><span class="id" title="var">t'</span></span> such that <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span>. 
<div class="paragraph"> </div>

 <i>Proof</i>: By induction on <span class="inlinecode"><span class="id" title="var">t</span></span>.

<div class="paragraph"> </div>

<ul class="doclist">
<li> Suppose <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span>. Then <span class="inlinecode"><span class="id" title="var">t</span></span> is a value.

<div class="paragraph"> </div>


</li>
<li> Suppose <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>, where (by the IH) <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> either is a value
      or can step to some <span class="inlinecode"><span class="id" title="var">t<sub>1</sub>'</span></span>, and where <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> is either a value or
      can step to some <span class="inlinecode"><span class="id" title="var">t<sub>2</sub>'</span></span>. We must show <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> is either a value
      or steps to some <span class="inlinecode"><span class="id" title="var">t'</span></span>.

<div class="paragraph"> </div>

<ul class="doclist">
<li> If <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> are both values, then <span class="inlinecode"><span class="id" title="var">t</span></span> can take a step, by
        <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span>.

<div class="paragraph"> </div>


</li>
<li> If <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> is a value and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> can take a step, then so can <span class="inlinecode"><span class="id" title="var">t</span></span>,
        by <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span>.

<div class="paragraph"> </div>


</li>
<li> If <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> can take a step, then so can <span class="inlinecode"><span class="id" title="var">t</span></span>, by <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span>.  <font size=-2>&#9744;</font>

</li>
</ul>

</li>
</ul>

<div class="paragraph"> </div>

   Or, formally: 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="strong_progress" class="idref" href="#strong_progress"><span class="id" title="lemma">strong_progress</span></a> : <span class="id" title="keyword">∀</span> <a id="t:42" class="idref" href="#t:42"><span class="id" title="binder">t</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t:42"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">∨</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':43" class="idref" href="#t':43"><span class="id" title="binder">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#t:42"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t':43"><span class="id" title="variable">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">)</span></a>.<br/>
<div class="togglescript" id="proofcontrol2" onclick="toggleDisplay('proof2');toggleDisplay('proofcontrol2')"><span class="show"></span></div>
<div class="proofscript" id="proof2" onclick="toggleDisplay('proof2');toggleDisplay('proofcontrol2')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">t</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;C&nbsp;*)</span> <span class="id" title="tactic">left</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;P&nbsp;*)</span> <span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">IHt1</span> | [<span class="id" title="var">t<sub>1</sub>'</span> <span class="id" title="var">Ht<sub>1</sub></span>] ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;l&nbsp;*)</span> <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHt2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">IHt2</span> | [<span class="id" title="var">t<sub>2</sub>'</span> <span class="id" title="var">Ht<sub>2</sub></span>] ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;l&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">IHt1</span>. <span class="id" title="tactic">inversion</span> <span class="id" title="var">IHt2</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<span class="id" title="var">n</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <span class="id" title="var">n<sub>0</sub></span>)).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;r&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>2</sub>'</span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">IHt1</span>. <span class="id" title="tactic">apply</span> <span class="id" title="var">Ht<sub>2</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;r&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <span class="id" title="var">t<sub>2</sub></span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">Ht<sub>1</sub></span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
This important property is called <i>strong progress</i>, because
    every term either is a value or can "make progress" by stepping to
    some other term.  (The qualifier "strong" distinguishes it from a
    more refined version that we'll see in later chapters, called
    just <i>progress</i>.) 
<div class="paragraph"> </div>

 The idea of "making progress" can be extended to tell us something
    interesting about values: they are exactly the terms that <i>cannot</i>
    make progress in this sense.

<div class="paragraph"> </div>

    To state this observation formally, let's begin by giving a name
    to "terms that cannot make progress."  We'll call them <i>normal
    forms</i>.  
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="normal_form" class="idref" href="#normal_form"><span class="id" title="definition">normal_form</span></a> {<a id="X:44" class="idref" href="#X:44"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>}<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a id="R:45" class="idref" href="#R:45"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:44"><span class="id" title="variable">X</span></a>) (<a id="t:46" class="idref" href="#t:46"><span class="id" title="binder">t</span></a> : <a class="idref" href="Smallstep.html#X:44"><span class="id" title="variable">X</span></a>) : <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#63a68285c81db8f9bc456233bb9ed181"><span class="id" title="notation">¬</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':47" class="idref" href="#t':47"><span class="id" title="binder">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#R:45"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#t:46"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#t':47"><span class="id" title="variable">t'</span></a>.<br/>
</div>

<div class="doc">
Note that this definition specifies what it is to be a normal form
    for an <i>arbitrary</i> relation <span class="inlinecode"><span class="id" title="var">R</span></span> over an arbitrary set <span class="inlinecode"><span class="id" title="var">X</span></span>, not
    just for the particular single-step reduction relation over terms
    that we are interested in at the moment.  We'll re-use the same
    terminology for talking about other relations later in the
    course. 
<div class="paragraph"> </div>

 We can use this terminology to generalize the observation we
    made in the strong progress theorem: in this language (though not
    necessarily, in general), normal forms and values are actually the
    same thing. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="value_is_nf" class="idref" href="#value_is_nf"><span class="id" title="lemma">value_is_nf</span></a> : <span class="id" title="keyword">∀</span> <a id="v:48" class="idref" href="#v:48"><span class="id" title="binder">v</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v:48"><span class="id" title="variable">v</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#v:48"><span class="id" title="variable">v</span></a>.<br/>
<div class="togglescript" id="proofcontrol3" onclick="toggleDisplay('proof3');toggleDisplay('proofcontrol3')"><span class="show"></span></div>
<div class="proofscript" id="proof3" onclick="toggleDisplay('proof3');toggleDisplay('proofcontrol3')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a>. <span class="id" title="tactic">intros</span> <span class="id" title="var">v</span> <span class="id" title="var">H</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">contra</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">contra</span>. <span class="id" title="tactic">inversion</span> <span class="id" title="var">H</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Lemma</span> <a id="nf_is_value" class="idref" href="#nf_is_value"><span class="id" title="lemma">nf_is_value</span></a> : <span class="id" title="keyword">∀</span> <a id="t:49" class="idref" href="#t:49"><span class="id" title="binder">t</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#t:49"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t:49"><span class="id" title="variable">t</span></a>.<br/>
<div class="togglescript" id="proofcontrol4" onclick="toggleDisplay('proof4');toggleDisplay('proofcontrol4')"><span class="show"></span></div>
<div class="proofscript" id="proof4" onclick="toggleDisplay('proof4');toggleDisplay('proofcontrol4')">
<span class="id" title="keyword">Proof</span>. <span class="comment">(*&nbsp;a&nbsp;corollary&nbsp;of&nbsp;<span class="inlinecode"><span class="id" title="var">strong_progress</span></span>...&nbsp;*)</span><br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a>. <span class="id" title="tactic">intros</span> <span class="id" title="var">t</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">assert</span> (<span class="id" title="var">G</span> : <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <span class="id" title="var">t</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">∨</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':51" class="idref" href="#t':51"><span class="id" title="binder">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <span class="id" title="var">t</span> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t':50"><span class="id" title="variable">t'</span></a>).<br/>
&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#strong_progress"><span class="id" title="lemma">strong_progress</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">G</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">G</span> | <span class="id" title="var">G</span>].<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;l&nbsp;*)</span> <span class="id" title="tactic">apply</span> <span class="id" title="var">G</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;r&nbsp;*)</span> <span class="id" title="var">exfalso</span>. <span class="id" title="tactic">apply</span> <span class="id" title="var">H</span>. <span class="id" title="tactic">assumption</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Corollary</span> <a id="nf_same_as_value" class="idref" href="#nf_same_as_value"><span class="id" title="lemma">nf_same_as_value</span></a> : <span class="id" title="keyword">∀</span> <a id="t:52" class="idref" href="#t:52"><span class="id" title="binder">t</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#t:52"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'&lt;-&gt;'_x"><span class="id" title="notation">↔</span></a> <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t:52"><span class="id" title="variable">t</span></a>.<br/>
<div class="togglescript" id="proofcontrol5" onclick="toggleDisplay('proof5');toggleDisplay('proofcontrol5')"><span class="show"></span></div>
<div class="proofscript" id="proof5" onclick="toggleDisplay('proof5');toggleDisplay('proofcontrol5')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">split</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#nf_is_value"><span class="id" title="lemma">nf_is_value</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#value_is_nf"><span class="id" title="lemma">value_is_nf</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
Why is this interesting?

<div class="paragraph"> </div>

    Because <span class="inlinecode"><span class="id" title="var">value</span></span> is a syntactic concept -- it is defined by looking
    at the way a term is written -- while <span class="inlinecode"><span class="id" title="var">normal_form</span></span> is a semantic
    one -- it is defined by looking at how the term steps.

<div class="paragraph"> </div>

    It is not obvious that these concepts should characterize the same
    set of terms!  
<div class="paragraph"> </div>

 Indeed, we could easily have written the definitions (incorrectly)
    so that they would <i>not</i> coincide. 
<div class="paragraph"> </div>

<a id="lab155"></a><h4 class="section">Exercise: 3 stars, standard, optional (value_not_same_as_normal_form1)</h4>
 We might, for example, define <span class="inlinecode"><span class="id" title="var">value</span></span> so that it
    includes some terms that are not finished reducing.  (Even if you don't work this exercise and the following ones
    in Coq, make sure you can think of an example of such a term.) 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="Temp1" class="idref" href="#Temp1"><span class="id" title="module">Temp1</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp1.value" class="idref" href="#Temp1.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp1.v_const" class="idref" href="#Temp1.v_const"><span class="id" title="constructor">v_const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:55" class="idref" href="#n:55"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#value:53"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:55"><span class="id" title="variable">n</span></a>)<br/>
&nbsp;&nbsp;| <a id="Temp1.v_funny" class="idref" href="#Temp1.v_funny"><span class="id" title="constructor">v_funny</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:56" class="idref" href="#t<sub>1</sub>:56"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="n<sub>2</sub>:57" class="idref" href="#n<sub>2</sub>:57"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#value:53"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:56"><span class="id" title="variable">t<sub>1</sub></span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:57"><span class="id" title="variable">n<sub>2</sub></span></a>)). <span class="comment">(*&nbsp;&lt;---&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp1.step" class="idref" href="#Temp1.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp1.ST_PlusConstConst" class="idref" href="#Temp1.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:60" class="idref" href="#n<sub>1</sub>:60"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:61" class="idref" href="#n<sub>2</sub>:61"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:60"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:61"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="Smallstep.html#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:60"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:61"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="Temp1.ST_Plus1" class="idref" href="#Temp1.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:62" class="idref" href="#t<sub>1</sub>:62"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':63" class="idref" href="#t<sub>1</sub>':63"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:64" class="idref" href="#t<sub>2</sub>:64"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:62"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':63"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:62"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:64"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':63"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:64"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp1.ST_Plus2" class="idref" href="#Temp1.ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:65" class="idref" href="#v<sub>1</sub>:65"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:66" class="idref" href="#t<sub>2</sub>:66"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':67" class="idref" href="#t<sub>2</sub>':67"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp1.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:65"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:66"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':67"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:65"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:66"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:65"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':67"><span class="id" title="variable">t<sub>2</sub>'</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Temp1.:::x_'--&gt;'_x" class="idref" href="#Temp1.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:59"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Lemma</span> <a id="Temp1.value_not_same_as_normal_form" class="idref" href="#Temp1.value_not_same_as_normal_form"><span class="id" title="lemma">value_not_same_as_normal_form</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="v:68" class="idref" href="#v:68"><span class="id" title="binder">v</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#Temp1.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v:68"><span class="id" title="variable">v</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#63a68285c81db8f9bc456233bb9ed181"><span class="id" title="notation">¬</span></a> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#Temp1.step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#v:68"><span class="id" title="variable">v</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Temp1"><span class="id" title="module">Temp1</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab156"></a><h4 class="section">Exercise: 2 stars, standard, optional (value_not_same_as_normal_form2)</h4>
 Or we might (again, wrongly) define <span class="inlinecode"><span class="id" title="var">step</span></span> so that it permits
    something designated as a value to reduce further. 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="Temp2" class="idref" href="#Temp2"><span class="id" title="module">Temp2</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp2.value" class="idref" href="#Temp2.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp2.v_const" class="idref" href="#Temp2.v_const"><span class="id" title="constructor">v_const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:71" class="idref" href="#n:71"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#value:69"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:71"><span class="id" title="variable">n</span></a>). <span class="comment">(*&nbsp;Original&nbsp;definition&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp2.step" class="idref" href="#Temp2.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp2.ST_Funny" class="idref" href="#Temp2.ST_Funny"><span class="id" title="constructor">ST_Funny</span></a> : <span class="id" title="keyword">∀</span> <a id="n:74" class="idref" href="#n:74"><span class="id" title="binder">n</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:74"><span class="id" title="variable">n</span></a> <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:74"><span class="id" title="variable">n</span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0)                  <span class="comment">(*&nbsp;&lt;---&nbsp;NEW&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="Temp2.ST_PlusConstConst" class="idref" href="#Temp2.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:75" class="idref" href="#n<sub>1</sub>:75"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:76" class="idref" href="#n<sub>2</sub>:76"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:75"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:76"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:75"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:76"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="Temp2.ST_Plus1" class="idref" href="#Temp2.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:77" class="idref" href="#t<sub>1</sub>:77"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':78" class="idref" href="#t<sub>1</sub>':78"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:79" class="idref" href="#t<sub>2</sub>:79"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:77"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':78"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:77"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:79"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':78"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:79"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp2.ST_Plus2" class="idref" href="#Temp2.ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:80" class="idref" href="#v<sub>1</sub>:80"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:81" class="idref" href="#t<sub>2</sub>:81"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':82" class="idref" href="#t<sub>2</sub>':82"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp2.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:80"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:81"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':82"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:80"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:81"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:80"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':82"><span class="id" title="variable">t<sub>2</sub>'</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Temp2.:::x_'--&gt;'_x" class="idref" href="#Temp2.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:73"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Lemma</span> <a id="Temp2.value_not_same_as_normal_form" class="idref" href="#Temp2.value_not_same_as_normal_form"><span class="id" title="lemma">value_not_same_as_normal_form</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="v:83" class="idref" href="#v:83"><span class="id" title="binder">v</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#Temp2.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v:83"><span class="id" title="variable">v</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#63a68285c81db8f9bc456233bb9ed181"><span class="id" title="notation">¬</span></a> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#Temp2.step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#v:83"><span class="id" title="variable">v</span></a>.<br/>
<div class="togglescript" id="proofcontrol6" onclick="toggleDisplay('proof6');toggleDisplay('proofcontrol6')"><span class="show"></span></div>
<div class="proofscript" id="proof6" onclick="toggleDisplay('proof6');toggleDisplay('proofcontrol6')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
</div>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Temp2"><span class="id" title="module">Temp2</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab157"></a><h4 class="section">Exercise: 3 stars, standard, optional (value_not_same_as_normal_form3)</h4>
 Finally, we might define <span class="inlinecode"><span class="id" title="var">value</span></span> and <span class="inlinecode"><span class="id" title="var">step</span></span> so that there is some
    term that is not a value but that cannot take a step in the <span class="inlinecode"><span class="id" title="var">step</span></span>
    relation.  Such terms are said to be <i>stuck</i>. In this case this is
    caused by a mistake in the semantics, but we will also see
    situations where, even in a correct language definition, it makes
    sense to allow some terms to be stuck. 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="Temp3" class="idref" href="#Temp3"><span class="id" title="module">Temp3</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp3.value" class="idref" href="#Temp3.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp3.v_const" class="idref" href="#Temp3.v_const"><span class="id" title="constructor">v_const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:86" class="idref" href="#n:86"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#value:84"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:86"><span class="id" title="variable">n</span></a>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp3.step" class="idref" href="#Temp3.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp3.ST_PlusConstConst" class="idref" href="#Temp3.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:89" class="idref" href="#n<sub>1</sub>:89"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:90" class="idref" href="#n<sub>2</sub>:90"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:89"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:90"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="Smallstep.html#Temp3.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:89"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:90"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="Temp3.ST_Plus1" class="idref" href="#Temp3.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:91" class="idref" href="#t<sub>1</sub>:91"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':92" class="idref" href="#t<sub>1</sub>':92"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:93" class="idref" href="#t<sub>2</sub>:93"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:91"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Temp3.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':92"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:91"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:93"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp3.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':92"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:93"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Temp3.:::x_'--&gt;'_x" class="idref" href="#Temp3.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:88"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/>
</div>

<div class="doc">
(Note that <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span> is missing.) 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="Temp3.value_not_same_as_normal_form" class="idref" href="#Temp3.value_not_same_as_normal_form"><span class="id" title="lemma">value_not_same_as_normal_form</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t:94" class="idref" href="#t:94"><span class="id" title="binder">t</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#63a68285c81db8f9bc456233bb9ed181"><span class="id" title="notation">¬</span></a> <a class="idref" href="Smallstep.html#Temp3.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t:94"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#Temp3.step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#t:94"><span class="id" title="variable">t</span></a>.<br/>
<div class="togglescript" id="proofcontrol7" onclick="toggleDisplay('proof7');toggleDisplay('proofcontrol7')"><span class="show"></span></div>
<div class="proofscript" id="proof7" onclick="toggleDisplay('proof7');toggleDisplay('proofcontrol7')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Temp3"><span class="id" title="module">Temp3</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab158"></a><h3 class="section">Additional Exercises</h3>

</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="Temp4" class="idref" href="#Temp4"><span class="id" title="module">Temp4</span></a>.<br/>
</div>

<div class="doc">
Here is another very simple language whose terms, instead of being
    just addition expressions and numbers, are just the booleans true
    and false and a conditional expression... 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="Temp4.tm" class="idref" href="#Temp4.tm"><span class="id" title="inductive">tm</span></a> : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp4.tru" class="idref" href="#Temp4.tru"><span class="id" title="constructor">tru</span></a> : <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.fls" class="idref" href="#Temp4.fls"><span class="id" title="constructor">fls</span></a> : <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.test" class="idref" href="#Temp4.test"><span class="id" title="constructor">test</span></a> : <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:95"><span class="id" title="inductive">tm</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp4.value" class="idref" href="#Temp4.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#Temp4.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp4.v_tru" class="idref" href="#Temp4.v_tru"><span class="id" title="constructor">v_tru</span></a> : <a class="idref" href="Smallstep.html#value:97"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.v_fls" class="idref" href="#Temp4.v_fls"><span class="id" title="constructor">v_fls</span></a> : <a class="idref" href="Smallstep.html#value:97"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp4.step" class="idref" href="#Temp4.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#Temp4.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#Temp4.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp4.ST_IfTrue" class="idref" href="#Temp4.ST_IfTrue"><span class="id" title="constructor">ST_IfTrue</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:101" class="idref" href="#t<sub>1</sub>:101"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:102" class="idref" href="#t<sub>2</sub>:102"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:101"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:102"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:101"><span class="id" title="variable">t<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.ST_IfFalse" class="idref" href="#Temp4.ST_IfFalse"><span class="id" title="constructor">ST_IfFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:103" class="idref" href="#t<sub>1</sub>:103"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:104" class="idref" href="#t<sub>2</sub>:104"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:103"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:104"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:104"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.ST_If" class="idref" href="#Temp4.ST_If"><span class="id" title="constructor">ST_If</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:105" class="idref" href="#t<sub>1</sub>:105"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':106" class="idref" href="#t<sub>1</sub>':106"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:107" class="idref" href="#t<sub>2</sub>:107"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:108" class="idref" href="#t<sub>3</sub>:108"><span class="id" title="binder">t<sub>3</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:105"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':106"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:105"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:107"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:108"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':106"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:107"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:108"><span class="id" title="variable">t<sub>3</sub></span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Temp4.:::x_'--&gt;'_x" class="idref" href="#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:100"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/>
</div>

<div class="doc">
<a id="lab159"></a><h4 class="section">Exercise: 1 star, standard (smallstep_bools)</h4>
 Which of the following propositions are provable?  (This is just a
    thought exercise, but for an extra challenge feel free to prove
    your answers in Coq.) 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="Temp4.bool_step_prop1" class="idref" href="#Temp4.bool_step_prop1"><span class="id" title="definition">bool_step_prop1</span></a> :=<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a>.<br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="Temp4.bool_step_prop2" class="idref" href="#Temp4.bool_step_prop2"><span class="id" title="definition">bool_step_prop2</span></a> :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a>)<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>.<br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="Temp4.bool_step_prop3" class="idref" href="#Temp4.bool_step_prop3"><span class="id" title="definition">bool_step_prop3</span></a> :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a><br/>
&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a>.<br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="Temp4.manual_grade_for_smallstep_bools" class="idref" href="#Temp4.manual_grade_for_smallstep_bools"><span class="id" title="definition">manual_grade_for_smallstep_bools</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab160"></a><h4 class="section">Exercise: 3 stars, standard, optional (strong_progress_bool)</h4>
 Just as we proved a progress theorem for plus expressions, we can
    do so for boolean expressions, as well. 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="Temp4.strong_progress_bool" class="idref" href="#Temp4.strong_progress_bool"><span class="id" title="lemma">strong_progress_bool</span></a> : <span class="id" title="keyword">∀</span> <a id="t:109" class="idref" href="#t:109"><span class="id" title="binder">t</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t:109"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">∨</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':110" class="idref" href="#t':110"><span class="id" title="binder">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#t:109"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#Temp4.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t':110"><span class="id" title="variable">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab161"></a><h4 class="section">Exercise: 2 stars, standard, optional (step_deterministic)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Theorem</span> <a id="Temp4.step_deterministic" class="idref" href="#Temp4.step_deterministic"><span class="id" title="lemma">step_deterministic</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> <a class="idref" href="Smallstep.html#Temp4.step"><span class="id" title="inductive">step</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="code">

<span class="id" title="keyword">Module</span> <a id="Temp4.Temp5" class="idref" href="#Temp4.Temp5"><span class="id" title="module">Temp5</span></a>.<br/>
</div>

<div class="doc">
<a id="lab162"></a><h4 class="section">Exercise: 2 stars, standard (smallstep_bool_shortcut)</h4>
 Suppose we want to add a "short circuit" to the step relation for
    boolean expressions, so that it can recognize when the <span class="inlinecode"><span class="id" title="keyword">then</span></span> and
    <span class="inlinecode"><span class="id" title="keyword">else</span></span> branches of a conditional are the same value (either
    <span class="inlinecode"><span class="id" title="var">tru</span></span> or <span class="inlinecode"><span class="id" title="var">fls</span></span>) and reduce the whole conditional to this
    value in a single step, even if the guard has not yet been reduced
    to a value. For example, we would like this proposition to be
    provable:
<br/>
<span class="inlinecode">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">test</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="var">test</span> <span class="id" title="var">tru</span> <span class="id" title="var">tru</span> <span class="id" title="var">tru</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">fls</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">fls</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">fls</span>.
</span>
<div class="paragraph"> </div>

 Write an extra clause for the step relation that achieves this
    effect and prove <span class="inlinecode"><span class="id" title="var">bool_step_prop4</span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Temp4.Temp5.step" class="idref" href="#Temp4.Temp5.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#Temp4.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#Temp4.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Temp4.Temp5.ST_IfTrue" class="idref" href="#Temp4.Temp5.ST_IfTrue"><span class="id" title="constructor">ST_IfTrue</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:113" class="idref" href="#t<sub>1</sub>:113"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:114" class="idref" href="#t<sub>2</sub>:114"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:113"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:114"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:113"><span class="id" title="variable">t<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.Temp5.ST_IfFalse" class="idref" href="#Temp4.Temp5.ST_IfFalse"><span class="id" title="constructor">ST_IfFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:115" class="idref" href="#t<sub>1</sub>:115"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:116" class="idref" href="#t<sub>2</sub>:116"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:115"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:116"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:116"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Temp4.Temp5.ST_If" class="idref" href="#Temp4.Temp5.ST_If"><span class="id" title="constructor">ST_If</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:117" class="idref" href="#t<sub>1</sub>:117"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':118" class="idref" href="#t<sub>1</sub>':118"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:119" class="idref" href="#t<sub>2</sub>:119"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:120" class="idref" href="#t<sub>3</sub>:120"><span class="id" title="binder">t<sub>3</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:117"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':118"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:117"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:119"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:120"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="Smallstep.html#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':118"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:119"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:120"><span class="id" title="variable">t<sub>3</sub></span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Temp4.Temp5.:::x_'--&gt;'_x" class="idref" href="#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:112"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="Temp4.Temp5.bool_step_prop4" class="idref" href="#Temp4.Temp5.bool_step_prop4"><span class="id" title="definition">bool_step_prop4</span></a> :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#Temp4.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#Temp4.tru"><span class="id" title="constructor">tru</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.Temp5.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.fls"><span class="id" title="constructor">fls</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Example</span> <a id="Temp4.Temp5.bool_step_prop4_holds" class="idref" href="#Temp4.Temp5.bool_step_prop4_holds"><span class="id" title="definition">bool_step_prop4_holds</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Temp4.Temp5.bool_step_prop4"><span class="id" title="definition">bool_step_prop4</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab163"></a><h4 class="section">Exercise: 3 stars, standard, optional (properties_of_altered_step)</h4>
 It can be shown that the determinism and strong progress theorems
    for the step relation in the lecture notes also hold for the
    definition of step given above.  After we add the clause
    <span class="inlinecode"><span class="id" title="var">ST_ShortCircuit</span></span>...

<div class="paragraph"> </div>

<ul class="doclist">
<li> Is the <span class="inlinecode"><span class="id" title="var">step</span></span> relation still deterministic?  Write yes or no and
      briefly (1 sentence) explain your answer.

<div class="paragraph"> </div>

      Optional: prove your answer correct in Coq. 

</li>
</ul>
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>
</div>

<div class="doc">
<ul class="doclist">
<li> Does a strong progress theorem hold? Write yes or no and
     briefly (1 sentence) explain your answer.

<div class="paragraph"> </div>

     Optional: prove your answer correct in Coq.

</li>
</ul>

</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>
</div>

<div class="doc">
<ul class="doclist">
<li> In general, is there any way we could cause strong progress to
     fail if we took away one or more constructors from the original
     step relation? Write yes or no and briefly (1 sentence) explain
     your answer.

</li>
</ul>

<div class="paragraph"> </div>

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>

</div>
<div class="code">
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="Temp4.Temp5.manual_grade_for_properties_of_altered_step" class="idref" href="#Temp4.Temp5.manual_grade_for_properties_of_altered_step"><span class="id" title="definition">manual_grade_for_properties_of_altered_step</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="code">

<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Temp4.Temp5"><span class="id" title="module">Temp5</span></a>.<br/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Temp4"><span class="id" title="module">Temp4</span></a>.<br/>
</div>

<div class="doc">
<a id="lab164"></a><h1 class="section">Multi-Step Reduction</h1>

<div class="paragraph"> </div>

 We've been working so far with the <i>single-step reduction</i>
    relation <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span>, which formalizes the individual steps of an
    abstract machine for executing programs.

<div class="paragraph"> </div>

    We can use the same machine to reduce programs to completion -- to
    find out what final result they yield.  This can be formalized as
    follows:

<div class="paragraph"> </div>

<ul class="doclist">
<li> First, we define a <i>multi-step reduction relation</i> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span>, which
      relates terms <span class="inlinecode"><span class="id" title="var">t</span></span> and <span class="inlinecode"><span class="id" title="var">t'</span></span> if <span class="inlinecode"><span class="id" title="var">t</span></span> can reach <span class="inlinecode"><span class="id" title="var">t'</span></span> by any number
      (including zero) of single reduction steps.

<div class="paragraph"> </div>


</li>
<li> Then we define a "result" of a term <span class="inlinecode"><span class="id" title="var">t</span></span> as a normal form that
      <span class="inlinecode"><span class="id" title="var">t</span></span> can reach by multi-step reduction. 

</li>
</ul>
</div>

<div class="doc">
Since we'll want to reuse the idea of multi-step reduction many
    times, let's pause and define it generically.

<div class="paragraph"> </div>

    Given a relation <span class="inlinecode"><span class="id" title="var">R</span></span> (which will be <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> for present purposes),
    we define a relation <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">R</span></span>, called the <i>multi-step closure of
    <span class="inlinecode"><span class="id" title="var">R</span></span></i> as follows. 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="multi" class="idref" href="#multi"><span class="id" title="inductive">multi</span></a> {<a id="X:121" class="idref" href="#X:121"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>} (<a id="R:122" class="idref" href="#R:122"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:121"><span class="id" title="variable">X</span></a>) : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <span class="id" title="var">X</span> :=<br/>
&nbsp;&nbsp;| <a id="multi_refl" class="idref" href="#multi_refl"><span class="id" title="constructor">multi_refl</span></a> : <span class="id" title="keyword">∀</span> (<a id="x:125" class="idref" href="#x:125"><span class="id" title="binder">x</span></a> : <a class="idref" href="Smallstep.html#X:121"><span class="id" title="variable">X</span></a>), <a class="idref" href="Smallstep.html#multi:123"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:122"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:125"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#x:125"><span class="id" title="variable">x</span></a><br/>
&nbsp;&nbsp;| <a id="multi_step" class="idref" href="#multi_step"><span class="id" title="constructor">multi_step</span></a> : <span class="id" title="keyword">∀</span> (<a id="x:126" class="idref" href="#x:126"><span class="id" title="binder">x</span></a> <a id="y:127" class="idref" href="#y:127"><span class="id" title="binder">y</span></a> <a id="z:128" class="idref" href="#z:128"><span class="id" title="binder">z</span></a> : <a class="idref" href="Smallstep.html#X:121"><span class="id" title="variable">X</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#R:122"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:126"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y:127"><span class="id" title="variable">y</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#multi:123"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:122"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#y:127"><span class="id" title="variable">y</span></a> <a class="idref" href="Smallstep.html#z:128"><span class="id" title="variable">z</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#multi:123"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:122"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:126"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#z:128"><span class="id" title="variable">z</span></a>.<br/>
</div>

<div class="doc">
Full: (In the <a href="https://softwarefoundations.cis.upenn.edu/lf-current/Rel.html"><span class="inlineref">Rel</span></a> chapter of <i>Logical Foundations</i> and
    the Coq standard library, this relation is called
    <span class="inlinecode"><span class="id" title="var">clos_refl_trans_1n</span></span>.  We give it a shorter name here for the sake
    of readability.) 
<div class="paragraph"> </div>

 The effect of this definition is that <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">R</span></span> relates two
    elements <span class="inlinecode"><span class="id" title="var">x</span></span> and <span class="inlinecode"><span class="id" title="var">y</span></span> if

<div class="paragraph"> </div>

<ul class="doclist">
<li> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">y</span></span>, or

</li>
<li> <span class="inlinecode"><span class="id" title="var">R</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span> <span class="inlinecode"><span class="id" title="var">y</span></span>, or

</li>
<li> there is some nonempty sequence <span class="inlinecode"><span class="id" title="var">z<sub>1</sub></span></span>, <span class="inlinecode"><span class="id" title="var">z<sub>2</sub></span></span>, ..., <span class="inlinecode"><span class="id" title="var">zn</span></span> such that
<br/>
<span class="inlinecode">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">R</span> <span class="id" title="var">x</span> <span class="id" title="var">z<sub>1</sub></span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">R</span> <span class="id" title="var">z<sub>1</sub></span> <span class="id" title="var">z<sub>2</sub></span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">R</span> <span class="id" title="var">zn</span> <span class="id" title="var">y</span>.
</span>
</li>
</ul>
    Thus, if <span class="inlinecode"><span class="id" title="var">R</span></span> describes a single-step of computation, then <span class="inlinecode"><span class="id" title="var">z<sub>1</sub></span></span> ... <span class="inlinecode"><span class="id" title="var">zn</span></span>
    is the sequence of intermediate steps of computation between <span class="inlinecode"><span class="id" title="var">x</span></span> and
    <span class="inlinecode"><span class="id" title="var">y</span></span>. 
<div class="paragraph"> </div>

 We write <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> for the <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">step</span></span> relation on terms. 
</div>
<div class="code">

<span class="id" title="keyword">Notation</span> <a id="a781e4b1e2c022f0326182a9bd099911" class="idref" href="#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>' t' " := (<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>) (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/>
</div>

<div class="doc">
The relation <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">R</span></span> has several crucial properties.

<div class="paragraph"> </div>

    First, it is obviously <i>reflexive</i> (that is, <span class="inlinecode"><span class="id" title="keyword">∀</span></span> <span class="inlinecode"><span class="id" title="var">x</span>,</span> <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">R</span></span> <span class="inlinecode"><span class="id" title="var">x</span></span>
    <span class="inlinecode"><span class="id" title="var">x</span></span>).  In the case of the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> (i.e., <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">step</span></span>) relation, the
    intuition is that a term can execute to itself by taking zero
    steps of execution. 
<div class="paragraph"> </div>

 Second, it contains <span class="inlinecode"><span class="id" title="var">R</span></span> -- that is, single-step executions are a
    particular case of multi-step executions.  (It is this fact that
    justifies the word "closure" in the term "multi-step closure of
    <span class="inlinecode"><span class="id" title="var">R</span></span>.") 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="multi_R" class="idref" href="#multi_R"><span class="id" title="lemma">multi_R</span></a> : <span class="id" title="keyword">∀</span> (<a id="X:129" class="idref" href="#X:129"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>) (<a id="R:130" class="idref" href="#R:130"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:129"><span class="id" title="variable">X</span></a>) (<a id="x:131" class="idref" href="#x:131"><span class="id" title="binder">x</span></a> <a id="y:132" class="idref" href="#y:132"><span class="id" title="binder">y</span></a> : <a class="idref" href="Smallstep.html#X:129"><span class="id" title="variable">X</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#R:130"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:131"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y:132"><span class="id" title="variable">y</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> (<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:130"><span class="id" title="variable">R</span></a>) <a class="idref" href="Smallstep.html#x:131"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y:132"><span class="id" title="variable">y</span></a>.<br/>
<div class="togglescript" id="proofcontrol8" onclick="toggleDisplay('proof8');toggleDisplay('proofcontrol8')"><span class="show"></span></div>
<div class="proofscript" id="proof8" onclick="toggleDisplay('proof8');toggleDisplay('proofcontrol8')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">X</span> <span class="id" title="var">R</span> <span class="id" title="var">x</span> <span class="id" title="var">y</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span> <span class="id" title="var">y</span>. <span class="id" title="tactic">apply</span> <span class="id" title="var">H</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
Third, <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">R</span></span> is <i>transitive</i>. 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="multi_trans" class="idref" href="#multi_trans"><span class="id" title="lemma">multi_trans</span></a> :<br/>
&nbsp;&nbsp;<span class="id" title="keyword">∀</span> (<a id="X:133" class="idref" href="#X:133"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>) (<a id="R:134" class="idref" href="#R:134"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:133"><span class="id" title="variable">X</span></a>) (<a id="x:135" class="idref" href="#x:135"><span class="id" title="binder">x</span></a> <a id="y:136" class="idref" href="#y:136"><span class="id" title="binder">y</span></a> <a id="z:137" class="idref" href="#z:137"><span class="id" title="binder">z</span></a> : <a class="idref" href="Smallstep.html#X:133"><span class="id" title="variable">X</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:134"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:135"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#y:136"><span class="id" title="variable">y</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:134"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#y:136"><span class="id" title="variable">y</span></a> <a class="idref" href="Smallstep.html#z:137"><span class="id" title="variable">z</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:134"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#x:135"><span class="id" title="variable">x</span></a> <a class="idref" href="Smallstep.html#z:137"><span class="id" title="variable">z</span></a>.<br/>
<div class="togglescript" id="proofcontrol9" onclick="toggleDisplay('proof9');toggleDisplay('proofcontrol9')"><span class="show"></span></div>
<div class="proofscript" id="proof9" onclick="toggleDisplay('proof9');toggleDisplay('proofcontrol9')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">X</span> <span class="id" title="var">R</span> <span class="id" title="var">x</span> <span class="id" title="var">y</span> <span class="id" title="var">z</span> <span class="id" title="var">G</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">G</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;- <span class="comment">(*&nbsp;multi_refl&nbsp;*)</span> <span class="id" title="tactic">assumption</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;- <span class="comment">(*&nbsp;multi_step&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span> <span class="id" title="var">y</span>. <span class="id" title="tactic">assumption</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHG</span>. <span class="id" title="tactic">assumption</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
In particular, for the <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">step</span></span> relation on terms, if
    <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>3</sub></span></span>, then <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>3</sub></span></span>. 
</div>

<div class="doc">
<a id="lab165"></a><h2 class="section">Examples</h2>

<div class="paragraph"> </div>

 Here's a specific instance of the <span class="inlinecode"><span class="id" title="var">multi</span></span> <span class="inlinecode"><span class="id" title="var">step</span></span> relation: 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="test_multistep_1" class="idref" href="#test_multistep_1"><span class="id" title="lemma">test_multistep_1</span></a>:<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<br/>
&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">(</span></a>0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 3<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">(</span></a>2 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 4<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">)</span></a>).<br/>
<div class="togglescript" id="proofcontrol10" onclick="toggleDisplay('proof10');toggleDisplay('proofcontrol10')"><span class="show"></span></div>
<div class="proofscript" id="proof10" onclick="toggleDisplay('proof10');toggleDisplay('proofcontrol10')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 3))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))).<br/>
&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 3))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (2 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 4))).<br/>
&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_R"><span class="id" title="lemma">multi_R</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
Here's an alternate proof of the same fact that uses <span class="inlinecode"><span class="id" title="tactic">eapply</span></span> to
    avoid explicitly constructing all the intermediate terms. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="test_multistep_1'" class="idref" href="#test_multistep_1'"><span class="id" title="lemma">test_multistep_1'</span></a>:<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3))<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">(</span></a>0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 3<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">(</span></a>2 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 4<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">)</span></a>).<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. { <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. { <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. { <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>. }<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
<a id="lab166"></a><h4 class="section">Exercise: 1 star, standard, optional (test_multistep_2)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="test_multistep_2" class="idref" href="#test_multistep_2"><span class="id" title="lemma">test_multistep_2</span></a>:<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3 <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab167"></a><h4 class="section">Exercise: 1 star, standard, optional (test_multistep_3)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="test_multistep_3" class="idref" href="#test_multistep_3"><span class="id" title="lemma">test_multistep_3</span></a>:<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3)<br/>
&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3).<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab168"></a><h4 class="section">Exercise: 2 stars, standard (test_multistep_4)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="test_multistep_4" class="idref" href="#test_multistep_4"><span class="id" title="lemma">test_multistep_4</span></a>:<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3)))<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 0)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (2 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">(</span></a>0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> 3<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">)</span></a>)).<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab169"></a><h2 class="section">Normal Forms Again</h2>

<div class="paragraph"> </div>

 If <span class="inlinecode"><span class="id" title="var">t</span></span> reduces to <span class="inlinecode"><span class="id" title="var">t'</span></span> in zero or more steps and <span class="inlinecode"><span class="id" title="var">t'</span></span> is a
    normal form, we say that "<span class="inlinecode"><span class="id" title="var">t'</span></span> is a normal form of <span class="inlinecode"><span class="id" title="var">t</span></span>." 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="step_normal_form" class="idref" href="#step_normal_form"><span class="id" title="definition">step_normal_form</span></a> := <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="normal_form_of" class="idref" href="#normal_form_of"><span class="id" title="definition">normal_form_of</span></a> (<a id="t:138" class="idref" href="#t:138"><span class="id" title="binder">t</span></a> <a id="t':139" class="idref" href="#t':139"><span class="id" title="binder">t'</span></a> : <a class="idref" href="Smallstep.html#tm"><span class="id" title="inductive">tm</span></a>) :=<br/>
&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#t:138"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#t':139"><span class="id" title="variable">t'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#step_normal_form"><span class="id" title="definition">step_normal_form</span></a> <a class="idref" href="Smallstep.html#t':139"><span class="id" title="variable">t'</span></a>).<br/>
</div>

<div class="doc">
We have already seen that, for our language, single-step reduction is
    deterministic -- i.e., a given term can take a single step in
    at most one way.  It follows from this that, if <span class="inlinecode"><span class="id" title="var">t</span></span> can reach
    a normal form, then this normal form is unique.  In other words, we
    can actually pronounce <span class="inlinecode"><span class="id" title="var">normal_form</span></span> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span> as "<span class="inlinecode"><span class="id" title="var">t'</span></span> is <i>the</i>
    normal form of <span class="inlinecode"><span class="id" title="var">t</span></span>." 
<div class="paragraph"> </div>

<a id="lab170"></a><h4 class="section">Exercise: 3 stars, standard, optional (normal_forms_unique)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Theorem</span> <a id="normal_forms_unique" class="idref" href="#normal_forms_unique"><span class="id" title="lemma">normal_forms_unique</span></a>:<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> <a class="idref" href="Smallstep.html#normal_form_of"><span class="id" title="definition">normal_form_of</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;We&nbsp;recommend&nbsp;using&nbsp;this&nbsp;initial&nbsp;setup&nbsp;as-is!&nbsp;*)</span><br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a>. <span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#normal_form_of"><span class="id" title="definition">normal_form_of</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">x</span> <span class="id" title="var">y<sub>1</sub></span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">P<sub>1</sub></span> <span class="id" title="var">P<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">P<sub>1</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">P<sub>11</sub></span> <span class="id" title="var">P<sub>12</sub></span>].<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">P<sub>2</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">P<sub>21</sub></span> <span class="id" title="var">P<sub>22</sub></span>].<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 Indeed, something stronger is true for this language (though
    not for all languages): the reduction of <i>any</i> term <span class="inlinecode"><span class="id" title="var">t</span></span> will
    eventually reach a normal form -- i.e., <span class="inlinecode"><span class="id" title="var">normal_form_of</span></span> is a
    <i>total</i> function.  We say the <span class="inlinecode"><span class="id" title="var">step</span></span> relation is <i>normalizing</i>. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="normalizing" class="idref" href="#normalizing"><span class="id" title="definition">normalizing</span></a> {<a id="X:140" class="idref" href="#X:140"><span class="id" title="binder">X</span></a> : <span class="id" title="keyword">Type</span>} (<a id="R:141" class="idref" href="#R:141"><span class="id" title="binder">R</span></a> : <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="Smallstep.html#X:140"><span class="id" title="variable">X</span></a>) :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">∀</span> <a id="t:142" class="idref" href="#t:142"><span class="id" title="binder">t</span></a>, <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':143" class="idref" href="#t':143"><span class="id" title="binder">t'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#R:141"><span class="id" title="variable">R</span></a>) <a class="idref" href="Smallstep.html#t:142"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#t':143"><span class="id" title="variable">t'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#normal_form"><span class="id" title="definition">normal_form</span></a> <a class="idref" href="Smallstep.html#R:141"><span class="id" title="variable">R</span></a> <a class="idref" href="Smallstep.html#t':143"><span class="id" title="variable">t'</span></a>.<br/>
</div>

<div class="doc">
To prove that <span class="inlinecode"><span class="id" title="var">step</span></span> is normalizing, we need a couple of lemmas.

<div class="paragraph"> </div>

    First, we observe that, if <span class="inlinecode"><span class="id" title="var">t</span></span> reduces to <span class="inlinecode"><span class="id" title="var">t'</span></span> in many steps, then
    the same sequence of reduction steps within <span class="inlinecode"><span class="id" title="var">t</span></span> is also possible
    when <span class="inlinecode"><span class="id" title="var">t</span></span> appears as the first argument to <span class="inlinecode"><span class="id" title="var">P</span></span>, and
    similarly when <span class="inlinecode"><span class="id" title="var">t</span></span> appears as the second argument to <span class="inlinecode"><span class="id" title="var">P</span></span>
    when the first argument is a value. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="multistep_congr_1" class="idref" href="#multistep_congr_1"><span class="id" title="lemma">multistep_congr_1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:144" class="idref" href="#t<sub>1</sub>:144"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':145" class="idref" href="#t<sub>1</sub>':145"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:146" class="idref" href="#t<sub>2</sub>:146"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:144"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':145"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:144"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:146"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':145"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:146"><span class="id" title="variable">t<sub>2</sub></span></a>.<br/>
<div class="togglescript" id="proofcontrol11" onclick="toggleDisplay('proof11');toggleDisplay('proofcontrol11')"><span class="show"></span></div>
<div class="proofscript" id="proof11" onclick="toggleDisplay('proof11');toggleDisplay('proofcontrol11')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>1</sub>'</span> <span class="id" title="var">t<sub>2</sub></span> <span class="id" title="var">H</span>. <span class="id" title="tactic">induction</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;multi_refl&nbsp;*)</span> <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;multi_step&nbsp;*)</span> <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <span class="id" title="var">y</span> <span class="id" title="var">t<sub>2</sub></span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="id" title="tactic">apply</span> <span class="id" title="var">IHmulti</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab171"></a><h4 class="section">Exercise: 2 stars, standard (multistep_congr_2)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="multistep_congr_2" class="idref" href="#multistep_congr_2"><span class="id" title="lemma">multistep_congr_2</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:147" class="idref" href="#t<sub>1</sub>:147"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:148" class="idref" href="#t<sub>2</sub>:148"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':149" class="idref" href="#t<sub>2</sub>':149"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:147"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:148"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':149"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:147"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:148"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:147"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':149"><span class="id" title="variable">t<sub>2</sub>'</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 With these lemmas in hand, the main proof is a straightforward
    induction.

<div class="paragraph"> </div>

    <i>Theorem</i>: The <span class="inlinecode"><span class="id" title="var">step</span></span> function is normalizing -- i.e., for every
    <span class="inlinecode"><span class="id" title="var">t</span></span> there exists some <span class="inlinecode"><span class="id" title="var">t'</span></span> such that <span class="inlinecode"><span class="id" title="var">t</span></span> reduces to <span class="inlinecode"><span class="id" title="var">t'</span></span> and <span class="inlinecode"><span class="id" title="var">t'</span></span>
    is a normal form.

<div class="paragraph"> </div>

    <i>Proof sketch</i>: By induction on terms.  There are two cases to
    consider:

<div class="paragraph"> </div>

<ul class="doclist">
<li> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span> for some <span class="inlinecode"><span class="id" title="var">n</span></span>.  Here <span class="inlinecode"><span class="id" title="var">t</span></span> doesn't take a step, and we
      have <span class="inlinecode"><span class="id" title="var">t'</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">t</span></span>.  We can derive the left-hand side by reflexivity
      and the right-hand side by observing (a) that values are normal
      forms (by <span class="inlinecode"><span class="id" title="var">nf_same_as_value</span></span>) and (b) that <span class="inlinecode"><span class="id" title="var">t</span></span> is a value (by
      <span class="inlinecode"><span class="id" title="var">v_const</span></span>).

<div class="paragraph"> </div>


</li>
<li> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> for some <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>.  By the IH, <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>
      reduce to normal forms <span class="inlinecode"><span class="id" title="var">t<sub>1</sub>'</span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub>'</span></span>.  Recall that normal
      forms are values (by <span class="inlinecode"><span class="id" title="var">nf_same_as_value</span></span>); we therefore know that
      <span class="inlinecode"><span class="id" title="var">t<sub>1</sub>'</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub>'</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span></span>, for some <span class="inlinecode"><span class="id" title="var">n<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span></span>.  We can
      combine the <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span> derivations for <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> using
      <span class="inlinecode"><span class="id" title="var">multi_congr_1</span></span> and <span class="inlinecode"><span class="id" title="var">multi_congr_2</span></span> to prove that <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>
      reduces in many steps to <span class="inlinecode"><span class="id" title="var">t'</span></span> <span class="inlinecode">=</span> <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode">(<span class="id" title="var">n<sub>1</sub></span></span> <span class="inlinecode">+</span> <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span>)</span>.

<div class="paragraph"> </div>

      Finally, <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode">(<span class="id" title="var">n<sub>1</sub></span></span> <span class="inlinecode">+</span> <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span>)</span> is a value, which is in turn a normal
      form by <span class="inlinecode"><span class="id" title="var">nf_same_as_value</span></span>. <font size=-2>&#9744;</font> 

</li>
</ul>
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="step_normalizing" class="idref" href="#step_normalizing"><span class="id" title="lemma">step_normalizing</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#normalizing"><span class="id" title="definition">normalizing</span></a> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a>.<br/>
<div class="togglescript" id="proofcontrol12" onclick="toggleDisplay('proof12');toggleDisplay('proofcontrol12')"><span class="show"></span></div>
<div class="proofscript" id="proof12" onclick="toggleDisplay('proof12');toggleDisplay('proofcontrol12')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#normalizing"><span class="id" title="definition">normalizing</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">t</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;C&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <span class="id" title="var">n</span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;l&nbsp;*)</span> <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;r&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="comment">(*&nbsp;We&nbsp;can&nbsp;use&nbsp;<span class="inlinecode"><span class="id" title="tactic">rewrite</span></span>&nbsp;with&nbsp;"iff"&nbsp;statements,&nbsp;not<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;just&nbsp;equalities:&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#nf_same_as_value"><span class="id" title="lemma">nf_same_as_value</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;P&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">IHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">Hsteps1</span> <span class="id" title="var">Hnormal1</span>] ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">IHt2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>2</sub>'</span> [<span class="id" title="var">Hsteps2</span> <span class="id" title="var">Hnormal2</span>] ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#nf_same_as_value"><span class="id" title="lemma">nf_same_as_value</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Hnormal1</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#nf_same_as_value"><span class="id" title="lemma">nf_same_as_value</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Hnormal2</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Hnormal1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">n<sub>1</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Hnormal2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">n<sub>2</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> (<span class="id" title="var">n<sub>1</sub></span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <span class="id" title="var">n<sub>2</sub></span>)).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;l&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_trans"><span class="id" title="lemma">multi_trans</span></a> <span class="id" title="keyword">with</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <span class="id" title="var">n<sub>1</sub></span>) <span class="id" title="var">t<sub>2</sub></span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multistep_congr_1"><span class="id" title="lemma">multistep_congr_1</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">Hsteps1</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_trans"><span class="id" title="lemma">multi_trans</span></a> <span class="id" title="keyword">with</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <span class="id" title="var">n<sub>1</sub></span>) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <span class="id" title="var">n<sub>2</sub></span>)).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multistep_congr_2"><span class="id" title="axiom">multistep_congr_2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">Hsteps2</span>. }<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_R"><span class="id" title="lemma">multi_R</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;r&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#nf_same_as_value"><span class="id" title="lemma">nf_same_as_value</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab172"></a><h2 class="section">Equivalence of Big-Step and Small-Step</h2>

<div class="paragraph"> </div>

 Having defined the operational semantics of our tiny programming
    language in two different ways (big-step and small-step), it makes
    sense to ask whether these definitions actually define the same
    thing! 
<div class="paragraph"> </div>

 They do, though it takes a little work to show it.  The
    details are left as an exercise. 
<div class="paragraph"> </div>

<a id="lab173"></a><h4 class="section">Exercise: 3 stars, standard (eval__multistep)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Theorem</span> <a id="eval__multistep" class="idref" href="#eval__multistep"><span class="id" title="lemma">eval__multistep</span></a> : <span class="id" title="keyword">∀</span> <a id="t:150" class="idref" href="#t:150"><span class="id" title="binder">t</span></a> <a id="n:151" class="idref" href="#n:151"><span class="id" title="binder">n</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t:150"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:151"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#t:150"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:151"><span class="id" title="variable">n</span></a>.<br/>
</div>

<div class="doc">
The key ideas in the proof can be seen in the following picture:
<br/>
<span class="inlinecode">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> <span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>2</sub></span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>            (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus1</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> <span class="id" title="var">t<sub>1</sub>'</span> <span class="id" title="var">t<sub>2</sub></span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>           (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus1</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> <span class="id" title="var">t<sub>1</sub>''</span> <span class="id" title="var">t<sub>2</sub></span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>          (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus1</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> (<span class="id" title="var">C</span> <span class="id" title="var">n<sub>1</sub></span>) <span class="id" title="var">t<sub>2</sub></span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>        (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus2</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> (<span class="id" title="var">C</span> <span class="id" title="var">n<sub>1</sub></span>) <span class="id" title="var">t<sub>2</sub>'</span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>       (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus2</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> (<span class="id" title="var">C</span> <span class="id" title="var">n<sub>1</sub></span>) <span class="id" title="var">t<sub>2</sub>''</span> <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>      (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_Plus2</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">P</span> (<span class="id" title="var">C</span> <span class="id" title="var">n<sub>1</sub></span>) (<span class="id" title="var">C</span> <span class="id" title="var">n<sub>2</sub></span>) <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>    (<span class="id" title="tactic">by</span> <span class="id" title="var">ST_PlusConstConst</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">C</span> (<span class="id" title="var">n<sub>1</sub></span> + <span class="id" title="var">n<sub>2</sub></span>)
</span>    That is, the multistep reduction of a term of the form <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>
    proceeds in three phases:
<ul class="doclist">
<li> First, we use <span class="inlinecode"><span class="id" title="var">ST_Plus1</span></span> some number of times to reduce <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span>
         to a normal form, which must (by <span class="inlinecode"><span class="id" title="var">nf_same_as_value</span></span>) be a
         term of the form <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n<sub>1</sub></span></span> for some <span class="inlinecode"><span class="id" title="var">n<sub>1</sub></span></span>.

</li>
<li> Next, we use <span class="inlinecode"><span class="id" title="var">ST_Plus2</span></span> some number of times to reduce <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>
         to a normal form, which must again be a term of the form <span class="inlinecode"><span class="id" title="var">C</span></span>
         <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span></span> for some <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span></span>.

</li>
<li> Finally, we use <span class="inlinecode"><span class="id" title="var">ST_PlusConstConst</span></span> one time to reduce <span class="inlinecode"><span class="id" title="var">P</span></span> <span class="inlinecode">(<span class="id" title="var">C</span></span>
         <span class="inlinecode"><span class="id" title="var">n<sub>1</sub></span>)</span> <span class="inlinecode">(<span class="id" title="var">C</span></span> <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span>)</span> to <span class="inlinecode"><span class="id" title="var">C</span></span> <span class="inlinecode">(<span class="id" title="var">n<sub>1</sub></span></span> <span class="inlinecode">+</span> <span class="inlinecode"><span class="id" title="var">n<sub>2</sub></span>)</span>. 
</li>
</ul>

<div class="paragraph"> </div>

 To formalize this intuition, you'll need to use the congruence
    lemmas from above (you might want to review them now, so that
    you'll be able to recognize when they are useful), plus some basic
    properties of <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span>: that it is reflexive, transitive, and
    includes <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab174"></a><h4 class="section">Exercise: 3 stars, advanced (eval__multistep_inf)</h4>
 Write a detailed informal version of the proof of <span class="inlinecode"><span class="id" title="var">eval__multistep</span></span>.

<div class="paragraph"> </div>

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>

</div>
<div class="code">

<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="manual_grade_for_eval__multistep_inf" class="idref" href="#manual_grade_for_eval__multistep_inf"><span class="id" title="definition">manual_grade_for_eval__multistep_inf</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 For the other direction, we need one lemma, which establishes a
    relation between single-step reduction and big-step evaluation. 
<div class="paragraph"> </div>

<a id="lab175"></a><h4 class="section">Exercise: 3 stars, standard (step__eval)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="step__eval" class="idref" href="#step__eval"><span class="id" title="lemma">step__eval</span></a> : <span class="id" title="keyword">∀</span> <a id="t:152" class="idref" href="#t:152"><span class="id" title="binder">t</span></a> <a id="t':153" class="idref" href="#t':153"><span class="id" title="binder">t'</span></a> <a id="n:154" class="idref" href="#n:154"><span class="id" title="binder">n</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t:152"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t':153"><span class="id" title="variable">t'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t':153"><span class="id" title="variable">t'</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:154"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t:152"><span class="id" title="variable">t</span></a>  <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:154"><span class="id" title="variable">n</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">t</span> <span class="id" title="var">t'</span> <span class="id" title="var">n</span> <span class="id" title="var">Hs</span>. <span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">n</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 The fact that small-step reduction implies big-step evaluation is now
    straightforward to prove.

<div class="paragraph"> </div>

    The proof proceeds by induction on the multi-step reduction
    sequence that is buried in the hypothesis <span class="inlinecode"><span class="id" title="var">normal_form_of</span></span> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span>. 
<div class="paragraph"> </div>

 Make sure you understand the statement before you start to
    work on the proof.  
<div class="paragraph"> </div>

<a id="lab176"></a><h4 class="section">Exercise: 3 stars, standard (multistep__eval)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Theorem</span> <a id="multistep__eval" class="idref" href="#multistep__eval"><span class="id" title="lemma">multistep__eval</span></a> : <span class="id" title="keyword">∀</span> <a id="t:155" class="idref" href="#t:155"><span class="id" title="binder">t</span></a> <a id="t':156" class="idref" href="#t':156"><span class="id" title="binder">t'</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#normal_form_of"><span class="id" title="definition">normal_form_of</span></a> <a class="idref" href="Smallstep.html#t:155"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#t':156"><span class="id" title="variable">t'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="n:157" class="idref" href="#n:157"><span class="id" title="binder">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#t':156"><span class="id" title="variable">t'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:157"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#t:155"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:157"><span class="id" title="variable">n</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab177"></a><h2 class="section">Additional Exercises</h2>

<div class="paragraph"> </div>

<a id="lab178"></a><h4 class="section">Exercise: 3 stars, standard, optional (interp_tm)</h4>
 Remember that we also defined big-step evaluation of terms as a
    function <span class="inlinecode"><span class="id" title="var">evalF</span></span>.  Prove that it is equivalent to the existing
    semantics.  (Hint: we just proved that <span class="inlinecode"><span class="id" title="tactic">eval</span></span> and <span class="inlinecode"><span class="id" title="var">multistep</span></span> are
    equivalent, so logically it doesn't matter which you choose.
    One will be easier than the other, though!) 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="evalF_eval" class="idref" href="#evalF_eval"><span class="id" title="lemma">evalF_eval</span></a> : <span class="id" title="keyword">∀</span> <a id="t:158" class="idref" href="#t:158"><span class="id" title="binder">t</span></a> <a id="n:159" class="idref" href="#n:159"><span class="id" title="binder">n</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#evalF"><span class="id" title="definition">evalF</span></a> <a class="idref" href="Smallstep.html#t:158"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#n:159"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'&lt;-&gt;'_x"><span class="id" title="notation">↔</span></a> <a class="idref" href="Smallstep.html#t:158"><span class="id" title="variable">t</span></a> <a class="idref" href="Smallstep.html#7cf9375cc810cd6cb65186f6ede01686"><span class="id" title="notation">==&gt;</span></a> <a class="idref" href="Smallstep.html#n:159"><span class="id" title="variable">n</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab179"></a><h4 class="section">Exercise: 4 stars, standard (combined_properties)</h4>
 We've considered arithmetic and conditional expressions
    separately.  This exercise explores how the two interact. 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="Combined" class="idref" href="#Combined"><span class="id" title="module">Combined</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Combined.tm" class="idref" href="#Combined.tm"><span class="id" title="inductive">tm</span></a> : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;| <a id="Combined.C" class="idref" href="#Combined.C"><span class="id" title="constructor">C</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.P" class="idref" href="#Combined.P"><span class="id" title="constructor">P</span></a> : <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.tru" class="idref" href="#Combined.tru"><span class="id" title="constructor">tru</span></a> : <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.fls" class="idref" href="#Combined.fls"><span class="id" title="constructor">fls</span></a> : <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.test" class="idref" href="#Combined.test"><span class="id" title="constructor">test</span></a> : <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#tm:160"><span class="id" title="inductive">tm</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Combined.value" class="idref" href="#Combined.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="Smallstep.html#Combined.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Combined.v_const" class="idref" href="#Combined.v_const"><span class="id" title="constructor">v_const</span></a> : <span class="id" title="keyword">∀</span> <a id="n:164" class="idref" href="#n:164"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#value:162"><span class="id" title="inductive">value</span></a> (<a class="idref" href="Smallstep.html#Combined.C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n:164"><span class="id" title="variable">n</span></a>)<br/>
&nbsp;&nbsp;| <a id="Combined.v_tru" class="idref" href="#Combined.v_tru"><span class="id" title="constructor">v_tru</span></a> : <a class="idref" href="Smallstep.html#value:162"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#Combined.tru"><span class="id" title="constructor">tru</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.v_fls" class="idref" href="#Combined.v_fls"><span class="id" title="constructor">v_fls</span></a> : <a class="idref" href="Smallstep.html#value:162"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#Combined.fls"><span class="id" title="constructor">fls</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="Combined.step" class="idref" href="#Combined.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="Smallstep.html#Combined.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#Combined.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="Combined.ST_PlusConstConst" class="idref" href="#Combined.ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a> : <span class="id" title="keyword">∀</span> <a id="n<sub>1</sub>:167" class="idref" href="#n<sub>1</sub>:167"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:168" class="idref" href="#n<sub>2</sub>:168"><span class="id" title="binder">n<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#Combined.C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>1</sub>:167"><span class="id" title="variable">n<sub>1</sub></span></a>) (<a class="idref" href="Smallstep.html#Combined.C"><span class="id" title="constructor">C</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:168"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Combined.C"><span class="id" title="constructor">C</span></a> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:167"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:168"><span class="id" title="variable">n<sub>2</sub></span></a>)<br/>
&nbsp;&nbsp;| <a id="Combined.ST_Plus1" class="idref" href="#Combined.ST_Plus1"><span class="id" title="constructor">ST_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:169" class="idref" href="#t<sub>1</sub>:169"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':170" class="idref" href="#t<sub>1</sub>':170"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:171" class="idref" href="#t<sub>2</sub>:171"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:169"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':170"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:169"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:171"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Combined.P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':170"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:171"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Combined.ST_Plus2" class="idref" href="#Combined.ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:172" class="idref" href="#v<sub>1</sub>:172"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:173" class="idref" href="#t<sub>2</sub>:173"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':174" class="idref" href="#t<sub>2</sub>':174"><span class="id" title="binder">t<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:172"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>2</sub>:173"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':174"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:172"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:173"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Combined.P"><span class="id" title="constructor">P</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:172"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>':174"><span class="id" title="variable">t<sub>2</sub>'</span></a><br/>
&nbsp;&nbsp;| <a id="Combined.ST_IfTrue" class="idref" href="#Combined.ST_IfTrue"><span class="id" title="constructor">ST_IfTrue</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:175" class="idref" href="#t<sub>1</sub>:175"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:176" class="idref" href="#t<sub>2</sub>:176"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Combined.tru"><span class="id" title="constructor">tru</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:175"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:176"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:175"><span class="id" title="variable">t<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Combined.ST_IfFalse" class="idref" href="#Combined.ST_IfFalse"><span class="id" title="constructor">ST_IfFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:177" class="idref" href="#t<sub>1</sub>:177"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:178" class="idref" href="#t<sub>2</sub>:178"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#Combined.fls"><span class="id" title="constructor">fls</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:177"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:178"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:178"><span class="id" title="variable">t<sub>2</sub></span></a><br/>
&nbsp;&nbsp;| <a id="Combined.ST_If" class="idref" href="#Combined.ST_If"><span class="id" title="constructor">ST_If</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:179" class="idref" href="#t<sub>1</sub>:179"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':180" class="idref" href="#t<sub>1</sub>':180"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:181" class="idref" href="#t<sub>2</sub>:181"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:182" class="idref" href="#t<sub>3</sub>:182"><span class="id" title="binder">t<sub>3</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#t<sub>1</sub>:179"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':180"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#Combined.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>:179"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:181"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:182"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="Smallstep.html#Combined.:::x_'--&gt;'_x"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#Combined.test"><span class="id" title="constructor">test</span></a> <a class="idref" href="Smallstep.html#t<sub>1</sub>':180"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#t<sub>2</sub>:181"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#t<sub>3</sub>:182"><span class="id" title="variable">t<sub>3</sub></span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="Combined.:::x_'--&gt;'_x" class="idref" href="#Combined.:::x_'--&gt;'_x"><span class="id" title="notation">&quot;</span></a> t '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' " := (<a class="idref" href="Smallstep.html#step:166"><span class="id" title="inductive">step</span></a> <span class="id" title="var">t</span> <span class="id" title="var">t'</span>).<br/>
</div>

<div class="doc">
Earlier, we separately proved for both plus- and if-expressions...

<div class="paragraph"> </div>

<ul class="doclist">
<li> that the step relation was deterministic, and

<div class="paragraph"> </div>


</li>
<li> a strong progress lemma, stating that every term is either a
      value or can take a step.

</li>
</ul>

<div class="paragraph"> </div>

    Formally prove or disprove these two properties for the combined
    language.  (That is, state a theorem saying that the property
    holds or does not hold, and prove your theorem.) 
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#Combined"><span class="id" title="module">Combined</span></a>.<br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="manual_grade_for_combined_properties" class="idref" href="#manual_grade_for_combined_properties"><span class="id" title="definition">manual_grade_for_combined_properties</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab180"></a><h1 class="section">Small-Step Imp</h1>

<div class="paragraph"> </div>

 Now for a more serious example: a small-step version of the Imp
    operational semantics. 
<div class="paragraph"> </div>

 The small-step reduction relations for arithmetic and
    boolean expressions are straightforward extensions of the tiny
    language we've been working up to now.  To make them easier to
    read, we introduce the symbolic notations <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span><span class="id" title="var">a</span></span> and <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span><span class="id" title="var">b</span></span> for
    the arithmetic and boolean step relations. 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="aval" class="idref" href="#aval"><span class="id" title="inductive">aval</span></a> : <span class="id" title="inductive">aexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="av_num" class="idref" href="#av_num"><span class="id" title="constructor">av_num</span></a> : <span class="id" title="keyword">∀</span> <a id="n:185" class="idref" href="#n:185"><span class="id" title="binder">n</span></a>, <a class="idref" href="Smallstep.html#aval:183"><span class="id" title="inductive">aval</span></a> (<span class="id" title="constructor">ANum</span> <a class="idref" href="Smallstep.html#n:185"><span class="id" title="variable">n</span></a>).<br/>
</div>

<div class="doc">
We are not actually going to bother to define boolean
    values, since they aren't needed in the definition of <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span><span class="id" title="var">b</span></span>
    below (why?), though they might be if our language were a bit
    more complicated (why?). 
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; a '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>a' a' "<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="astep" class="idref" href="#astep"><span class="id" title="inductive">astep</span></a> (<a id="st:186" class="idref" href="#st:186"><span class="id" title="binder">st</span></a> : <span class="id" title="definition">state</span>) : <span class="id" title="inductive">aexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="inductive">aexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="AS_Id" class="idref" href="#AS_Id"><span class="id" title="constructor">AS_Id</span></a> : <span class="id" title="keyword">∀</span> (<a id="i:189" class="idref" href="#i:189"><span class="id" title="binder">i</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#i:189"><span class="id" title="variable">i</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#i:189"><span class="id" title="variable">i</span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="AS_Plus1" class="idref" href="#AS_Plus1"><span class="id" title="constructor">AS_Plus1</span></a> : <span class="id" title="keyword">∀</span> <a id="a<sub>1</sub>:190" class="idref" href="#a<sub>1</sub>:190"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':191" class="idref" href="#a<sub>1</sub>':191"><span class="id" title="binder">a<sub>1</sub>'</span></a> <a id="a<sub>2</sub>:192" class="idref" href="#a<sub>2</sub>:192"><span class="id" title="binder">a<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:190"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':191"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:190"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">+</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:192"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':191"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">+</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:192"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Plus2" class="idref" href="#AS_Plus2"><span class="id" title="constructor">AS_Plus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:193" class="idref" href="#v<sub>1</sub>:193"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="a<sub>2</sub>:194" class="idref" href="#a<sub>2</sub>:194"><span class="id" title="binder">a<sub>2</sub></span></a> <a id="a<sub>2</sub>':195" class="idref" href="#a<sub>2</sub>':195"><span class="id" title="binder">a<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#aval"><span class="id" title="inductive">aval</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:193"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>2</sub>:194"><span class="id" title="variable">a<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>2</sub>':195"><span class="id" title="variable">a<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:193"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">+</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:194"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span>  <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:193"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">+</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>':195"><span class="id" title="variable">a<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Plus" class="idref" href="#AS_Plus"><span class="id" title="constructor">AS_Plus</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:196" class="idref" href="#n<sub>1</sub>:196"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:197" class="idref" href="#n<sub>2</sub>:197"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#n<sub>1</sub>:196"><span class="id" title="variable">n<sub>1</sub></span></a> <span class="id" title="notation">+</span> <a class="idref" href="Smallstep.html#n<sub>2</sub>:197"><span class="id" title="variable">n<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#n<sub>1</sub>:196"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:197"><span class="id" title="variable">n<sub>2</sub></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="AS_Minus1" class="idref" href="#AS_Minus1"><span class="id" title="constructor">AS_Minus1</span></a> : <span class="id" title="keyword">∀</span> <a id="a<sub>1</sub>:198" class="idref" href="#a<sub>1</sub>:198"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':199" class="idref" href="#a<sub>1</sub>':199"><span class="id" title="binder">a<sub>1</sub>'</span></a> <a id="a<sub>2</sub>:200" class="idref" href="#a<sub>2</sub>:200"><span class="id" title="binder">a<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:198"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':199"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:198"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">-</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:200"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':199"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">-</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:200"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Minus2" class="idref" href="#AS_Minus2"><span class="id" title="constructor">AS_Minus2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:201" class="idref" href="#v<sub>1</sub>:201"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="a<sub>2</sub>:202" class="idref" href="#a<sub>2</sub>:202"><span class="id" title="binder">a<sub>2</sub></span></a> <a id="a<sub>2</sub>':203" class="idref" href="#a<sub>2</sub>':203"><span class="id" title="binder">a<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#aval"><span class="id" title="inductive">aval</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:201"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>2</sub>:202"><span class="id" title="variable">a<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>2</sub>':203"><span class="id" title="variable">a<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:201"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">-</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:202"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span>  <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:201"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">-</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>':203"><span class="id" title="variable">a<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Minus" class="idref" href="#AS_Minus"><span class="id" title="constructor">AS_Minus</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:204" class="idref" href="#n<sub>1</sub>:204"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:205" class="idref" href="#n<sub>2</sub>:205"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#n<sub>1</sub>:204"><span class="id" title="variable">n<sub>1</sub></span></a> <span class="id" title="notation">-</span> <a class="idref" href="Smallstep.html#n<sub>2</sub>:205"><span class="id" title="variable">n<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#n<sub>1</sub>:204"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#::nat_scope:x_'-'_x"><span class="id" title="notation">-</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:205"><span class="id" title="variable">n<sub>2</sub></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="AS_Mult1" class="idref" href="#AS_Mult1"><span class="id" title="constructor">AS_Mult1</span></a> : <span class="id" title="keyword">∀</span> <a id="a<sub>1</sub>:206" class="idref" href="#a<sub>1</sub>:206"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':207" class="idref" href="#a<sub>1</sub>':207"><span class="id" title="binder">a<sub>1</sub>'</span></a> <a id="a<sub>2</sub>:208" class="idref" href="#a<sub>2</sub>:208"><span class="id" title="binder">a<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:206"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':207"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:206"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">×</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:208"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':207"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">×</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:208"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Mult2" class="idref" href="#AS_Mult2"><span class="id" title="constructor">AS_Mult2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:209" class="idref" href="#v<sub>1</sub>:209"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="a<sub>2</sub>:210" class="idref" href="#a<sub>2</sub>:210"><span class="id" title="binder">a<sub>2</sub></span></a> <a id="a<sub>2</sub>':211" class="idref" href="#a<sub>2</sub>':211"><span class="id" title="binder">a<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#aval"><span class="id" title="inductive">aval</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:209"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>2</sub>:210"><span class="id" title="variable">a<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>2</sub>':211"><span class="id" title="variable">a<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:209"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">×</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:210"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span>  <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:209"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">×</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>':211"><span class="id" title="variable">a<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
&nbsp;&nbsp;| <a id="AS_Mult" class="idref" href="#AS_Mult"><span class="id" title="constructor">AS_Mult</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:212" class="idref" href="#n<sub>1</sub>:212"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:213" class="idref" href="#n<sub>2</sub>:213"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#n<sub>1</sub>:212"><span class="id" title="variable">n<sub>1</sub></span></a> <span class="id" title="notation">×</span> <a class="idref" href="Smallstep.html#n<sub>2</sub>:213"><span class="id" title="variable">n<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:186"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#n<sub>1</sub>:212"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ea2ff3d561159081cea6fb2e8113cc<sub>54</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:213"><span class="id" title="variable">n<sub>2</sub></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">)</span></a><br/>
<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="f223d501fd6c3a7e915ee72dd3a78dab" class="idref" href="#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">&quot;</span></a> a '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>a' a' " := (<a class="idref" href="Smallstep.html#astep:188"><span class="id" title="inductive">astep</span></a> <span class="id" title="var">st</span> <span class="id" title="var">a</span> <span class="id" title="var">a'</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Reserved Notation</span> &quot; b '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>b' b' "<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="bstep" class="idref" href="#bstep"><span class="id" title="inductive">bstep</span></a> (<a id="st:214" class="idref" href="#st:214"><span class="id" title="binder">st</span></a> : <span class="id" title="definition">state</span>) : <span class="id" title="inductive">bexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="inductive">bexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
| <a id="BS_Eq<sub>1</sub>" class="idref" href="#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a> : <span class="id" title="keyword">∀</span> <a id="a<sub>1</sub>:217" class="idref" href="#a<sub>1</sub>:217"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':218" class="idref" href="#a<sub>1</sub>':218"><span class="id" title="binder">a<sub>1</sub>'</span></a> <a id="a<sub>2</sub>:219" class="idref" href="#a<sub>2</sub>:219"><span class="id" title="binder">a<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:217"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':218"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:217"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">=</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:219"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':218"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">=</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:219"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_Eq<sub>2</sub>" class="idref" href="#BS_Eq<sub>2</sub>"><span class="id" title="constructor">BS_Eq<sub>2</sub></span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:220" class="idref" href="#v<sub>1</sub>:220"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="a<sub>2</sub>:221" class="idref" href="#a<sub>2</sub>:221"><span class="id" title="binder">a<sub>2</sub></span></a> <a id="a<sub>2</sub>':222" class="idref" href="#a<sub>2</sub>':222"><span class="id" title="binder">a<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#aval"><span class="id" title="inductive">aval</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:220"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>2</sub>:221"><span class="id" title="variable">a<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>2</sub>':222"><span class="id" title="variable">a<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:220"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">=</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:221"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:220"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">=</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>':222"><span class="id" title="variable">a<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_Eq" class="idref" href="#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:223" class="idref" href="#n<sub>1</sub>:223"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:224" class="idref" href="#n<sub>2</sub>:224"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#n<sub>1</sub>:223"><span class="id" title="variable">n<sub>1</sub></span></a> <span class="id" title="notation">=</span> <a class="idref" href="Smallstep.html#n<sub>2</sub>:224"><span class="id" title="variable">n<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">(</span></a><span class="id" title="keyword">if</span> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:223"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ad2ec4e405f68c46c0a176e3e94ae2e<sub>3</sub>"><span class="id" title="notation">=?</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:224"><span class="id" title="variable">n<sub>2</sub></span></a>) <span class="id" title="keyword">then</span> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">}&gt;</span> <span class="id" title="keyword">else</span> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">)</span></a><br/>
| <a id="BS_LtEq1" class="idref" href="#BS_LtEq1"><span class="id" title="constructor">BS_LtEq1</span></a> : <span class="id" title="keyword">∀</span> <a id="a<sub>1</sub>:225" class="idref" href="#a<sub>1</sub>:225"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':226" class="idref" href="#a<sub>1</sub>':226"><span class="id" title="binder">a<sub>1</sub>'</span></a> <a id="a<sub>2</sub>:227" class="idref" href="#a<sub>2</sub>:227"><span class="id" title="binder">a<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:225"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':226"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:225"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">≤</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:227"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':226"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">≤</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:227"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_LtEq2" class="idref" href="#BS_LtEq2"><span class="id" title="constructor">BS_LtEq2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:228" class="idref" href="#v<sub>1</sub>:228"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="a<sub>2</sub>:229" class="idref" href="#a<sub>2</sub>:229"><span class="id" title="binder">a<sub>2</sub></span></a> <a id="a<sub>2</sub>':230" class="idref" href="#a<sub>2</sub>':230"><span class="id" title="binder">a<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#aval"><span class="id" title="inductive">aval</span></a> <a class="idref" href="Smallstep.html#v<sub>1</sub>:228"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>2</sub>:229"><span class="id" title="variable">a<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>2</sub>':230"><span class="id" title="variable">a<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:228"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">≤</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>:229"><span class="id" title="variable">a<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#v<sub>1</sub>:228"><span class="id" title="variable">v<sub>1</sub></span></a> <span class="id" title="notation">≤</span> <a class="idref" href="Smallstep.html#a<sub>2</sub>':230"><span class="id" title="variable">a<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_LtEq" class="idref" href="#BS_LtEq"><span class="id" title="constructor">BS_LtEq</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:231" class="idref" href="#n<sub>1</sub>:231"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:232" class="idref" href="#n<sub>2</sub>:232"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#n<sub>1</sub>:231"><span class="id" title="variable">n<sub>1</sub></span></a> <span class="id" title="notation">≤</span> <a class="idref" href="Smallstep.html#n<sub>2</sub>:232"><span class="id" title="variable">n<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">(</span></a><span class="id" title="keyword">if</span> (<a class="idref" href="Smallstep.html#n<sub>1</sub>:231"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0f31f5c1c6b6a21a3a187247222bc9e<sub>4</sub>"><span class="id" title="notation">&lt;=?</span></a> <a class="idref" href="Smallstep.html#n<sub>2</sub>:232"><span class="id" title="variable">n<sub>2</sub></span></a>) <span class="id" title="keyword">then</span> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">}&gt;</span> <span class="id" title="keyword">else</span> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">)</span></a><br/>
| <a id="BS_NotStep" class="idref" href="#BS_NotStep"><span class="id" title="constructor">BS_NotStep</span></a> : <span class="id" title="keyword">∀</span> <a id="b<sub>1</sub>:233" class="idref" href="#b<sub>1</sub>:233"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="b<sub>1</sub>':234" class="idref" href="#b<sub>1</sub>':234"><span class="id" title="binder">b<sub>1</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b<sub>1</sub>:233"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>':234"><span class="id" title="variable">b<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">¬</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:233"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">¬</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>':234"><span class="id" title="variable">b<sub>1</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_NotTrue" class="idref" href="#BS_NotTrue"><span class="id" title="constructor">BS_NotTrue</span></a>  : <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">¬</span> <span class="id" title="notation">true</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a>  <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_NotFalse" class="idref" href="#BS_NotFalse"><span class="id" title="constructor">BS_NotFalse</span></a> : <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">¬</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_AndStep" class="idref" href="#BS_AndStep"><span class="id" title="constructor">BS_AndStep</span></a> : <span class="id" title="keyword">∀</span> <a id="b<sub>1</sub>:235" class="idref" href="#b<sub>1</sub>:235"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="b<sub>1</sub>':236" class="idref" href="#b<sub>1</sub>':236"><span class="id" title="binder">b<sub>1</sub>'</span></a> <a id="b<sub>2</sub>:237" class="idref" href="#b<sub>2</sub>:237"><span class="id" title="binder">b<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b<sub>1</sub>:235"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>':236"><span class="id" title="variable">b<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:235"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">&amp;&amp;</span> <a class="idref" href="Smallstep.html#b<sub>2</sub>:237"><span class="id" title="variable">b<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>':236"><span class="id" title="variable">b<sub>1</sub>'</span></a> <span class="id" title="notation">&amp;&amp;</span> <a class="idref" href="Smallstep.html#b<sub>2</sub>:237"><span class="id" title="variable">b<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_AndTrueStep" class="idref" href="#BS_AndTrueStep"><span class="id" title="constructor">BS_AndTrueStep</span></a> : <span class="id" title="keyword">∀</span> <a id="b<sub>2</sub>:238" class="idref" href="#b<sub>2</sub>:238"><span class="id" title="binder">b<sub>2</sub></span></a> <a id="b<sub>2</sub>':239" class="idref" href="#b<sub>2</sub>':239"><span class="id" title="binder">b<sub>2</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b<sub>2</sub>:238"><span class="id" title="variable">b<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <a class="idref" href="Smallstep.html#b<sub>2</sub>':239"><span class="id" title="variable">b<sub>2</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">&amp;&amp;</span> <a class="idref" href="Smallstep.html#b<sub>2</sub>:238"><span class="id" title="variable">b<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">&amp;&amp;</span> <a class="idref" href="Smallstep.html#b<sub>2</sub>':239"><span class="id" title="variable">b<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_AndFalse" class="idref" href="#BS_AndFalse"><span class="id" title="constructor">BS_AndFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="b<sub>2</sub>:240" class="idref" href="#b<sub>2</sub>:240"><span class="id" title="binder">b<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">&amp;&amp;</span> <a class="idref" href="Smallstep.html#b<sub>2</sub>:240"><span class="id" title="variable">b<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_AndTrueTrue" class="idref" href="#BS_AndTrueTrue"><span class="id" title="constructor">BS_AndTrueTrue</span></a>  : <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">&amp;&amp;</span> <span class="id" title="notation">true</span>  <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">}&gt;</span><br/>
| <a id="BS_AndTrueFalse" class="idref" href="#BS_AndTrueFalse"><span class="id" title="constructor">BS_AndTrueFalse</span></a> : <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">true</span> <span class="id" title="notation">&amp;&amp;</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:214"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">false</span> <span class="id" title="notation">}&gt;</span><br/>
<br/>
<span class="id" title="keyword">where</span> <a id="b26f673e1b1d9b99d89d729449993cc<sub>5</sub>" class="idref" href="#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">&quot;</span></a> b '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>b' b' " := (<a class="idref" href="Smallstep.html#bstep:216"><span class="id" title="inductive">bstep</span></a> <span class="id" title="var">st</span> <span class="id" title="var">b</span> <span class="id" title="var">b'</span>).<br/>
</div>

<div class="doc">
The semantics of commands is the interesting part.  We need two
    small tricks to make it work:

<div class="paragraph"> </div>

<ul class="doclist">
<li> We use <span class="inlinecode"><span class="id" title="var">skip</span></span> as a "command value" -- i.e., a command that
         has reached a normal form.

<div class="paragraph"> </div>

<ul class="doclist">
<li> An assignment command reduces to <span class="inlinecode"><span class="id" title="var">skip</span></span> (and an updated
              state).

<div class="paragraph"> </div>


</li>
<li> The sequencing command waits until its left-hand
              subcommand has reduced to <span class="inlinecode"><span class="id" title="var">skip</span></span>, then throws it away so
              that reduction can continue with the right-hand
              subcommand.

<div class="paragraph"> </div>


</li>
</ul>

</li>
<li> We reduce a <span class="inlinecode"><span class="id" title="var">while</span></span> command by transforming it into a
         conditional followed by the same <span class="inlinecode"><span class="id" title="var">while</span></span>. 
</li>
</ul>

<div class="paragraph"> </div>

 (There are other ways of achieving the effect of the latter
    trick, but they all share the feature that the original <span class="inlinecode"><span class="id" title="var">while</span></span>
    command needs to be saved somewhere while a single copy of the loop
    body is being reduced.) 
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot; t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' '/' st' "<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39, <span class="id" title="var">t'</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="cstep" class="idref" href="#cstep"><span class="id" title="inductive">cstep</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">(</span></a><span class="id" title="inductive">com</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <span class="id" title="definition">state</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">(</span></a><span class="id" title="inductive">com</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <span class="id" title="definition">state</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="CS_AsgnStep" class="idref" href="#CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:243" class="idref" href="#st:243"><span class="id" title="binder">st</span></a> <a id="i:244" class="idref" href="#i:244"><span class="id" title="binder">i</span></a> <a id="a<sub>1</sub>:245" class="idref" href="#a<sub>1</sub>:245"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':246" class="idref" href="#a<sub>1</sub>':246"><span class="id" title="binder">a<sub>1</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:245"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:243"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':246"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:244"><span class="id" title="variable">i</span></a> <span class="id" title="notation">:=</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>:245"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:243"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:244"><span class="id" title="variable">i</span></a> <span class="id" title="notation">:=</span> <a class="idref" href="Smallstep.html#a<sub>1</sub>':246"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:243"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CS_Asgn" class="idref" href="#CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a> : <span class="id" title="keyword">∀</span> <a id="st:247" class="idref" href="#st:247"><span class="id" title="binder">st</span></a> <a id="i:248" class="idref" href="#i:248"><span class="id" title="binder">i</span></a> (<a id="n:249" class="idref" href="#n:249"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:248"><span class="id" title="variable">i</span></a> <span class="id" title="notation">:=</span> <a class="idref" href="Smallstep.html#n:249"><span class="id" title="variable">n</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:247"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <span class="id" title="notation">skip</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#i:248"><span class="id" title="variable">i</span></a> <span class="id" title="notation">!<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <a class="idref" href="Smallstep.html#n:249"><span class="id" title="variable">n</span></a> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#st:247"><span class="id" title="variable">st</span></a><a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="CS_SeqStep" class="idref" href="#CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:250" class="idref" href="#st:250"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:251" class="idref" href="#c<sub>1</sub>:251"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>1</sub>':252" class="idref" href="#c<sub>1</sub>':252"><span class="id" title="binder">c<sub>1</sub>'</span></a> <a id="st':253" class="idref" href="#st':253"><span class="id" title="binder">st'</span></a> <a id="c<sub>2</sub>:254" class="idref" href="#c<sub>2</sub>:254"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#c<sub>1</sub>:251"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:250"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>':252"><span class="id" title="variable">c<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':253"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:251"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:254"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:250"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>':252"><span class="id" title="variable">c<sub>1</sub>'</span></a> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:254"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':253"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="CS_SeqFinish" class="idref" href="#CS_SeqFinish"><span class="id" title="constructor">CS_SeqFinish</span></a> : <span class="id" title="keyword">∀</span> <a id="st:255" class="idref" href="#st:255"><span class="id" title="binder">st</span></a> <a id="c<sub>2</sub>:256" class="idref" href="#c<sub>2</sub>:256"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">skip</span> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:256"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:255"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:256"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:255"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CS_IfStep" class="idref" href="#CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:257" class="idref" href="#st:257"><span class="id" title="binder">st</span></a> <a id="b<sub>1</sub>:258" class="idref" href="#b<sub>1</sub>:258"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="b<sub>1</sub>':259" class="idref" href="#b<sub>1</sub>':259"><span class="id" title="binder">b<sub>1</sub>'</span></a> <a id="c<sub>1</sub>:260" class="idref" href="#c<sub>1</sub>:260"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:261" class="idref" href="#c<sub>2</sub>:261"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b<sub>1</sub>:258"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:257"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>':259"><span class="id" title="variable">b<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">if</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:258"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">then</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:260"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">else</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:261"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:257"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">if</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>':259"><span class="id" title="variable">b<sub>1</sub>'</span></a> <span class="id" title="notation">then</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:260"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">else</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:261"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:257"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CS_IfTrue" class="idref" href="#CS_IfTrue"><span class="id" title="constructor">CS_IfTrue</span></a> : <span class="id" title="keyword">∀</span> <a id="st:262" class="idref" href="#st:262"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:263" class="idref" href="#c<sub>1</sub>:263"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:264" class="idref" href="#c<sub>2</sub>:264"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">if</span> <span class="id" title="notation">true</span> <span class="id" title="notation">then</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:263"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">else</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:264"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:262"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:263"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:262"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CS_IfFalse" class="idref" href="#CS_IfFalse"><span class="id" title="constructor">CS_IfFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="st:265" class="idref" href="#st:265"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:266" class="idref" href="#c<sub>1</sub>:266"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:267" class="idref" href="#c<sub>2</sub>:267"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">if</span> <span class="id" title="notation">false</span> <span class="id" title="notation">then</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:266"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">else</span> <a class="idref" href="Smallstep.html#c<sub>2</sub>:267"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:265"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:267"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:265"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CS_While" class="idref" href="#CS_While"><span class="id" title="constructor">CS_While</span></a> : <span class="id" title="keyword">∀</span> <a id="st:268" class="idref" href="#st:268"><span class="id" title="binder">st</span></a> <a id="b<sub>1</sub>:269" class="idref" href="#b<sub>1</sub>:269"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="c<sub>1</sub>:270" class="idref" href="#c<sub>1</sub>:270"><span class="id" title="binder">c<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">while</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:269"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">do</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:270"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:268"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="notation">if</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:269"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">then</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:270"><span class="id" title="variable">c<sub>1</sub></span></a><span class="id" title="notation">;</span> <span class="id" title="notation">while</span> <a class="idref" href="Smallstep.html#b<sub>1</sub>:269"><span class="id" title="variable">b<sub>1</sub></span></a> <span class="id" title="notation">do</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:270"><span class="id" title="variable">c<sub>1</sub></span></a> <span class="id" title="notation">end</span> <span class="id" title="notation">else</span> <span class="id" title="notation">skip</span> <span class="id" title="notation">end</span> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:268"><span class="id" title="variable">st</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="6e515222feff978d19765018dc1007ec" class="idref" href="#6e515222feff978d19765018dc1007ec"><span class="id" title="notation">&quot;</span></a> t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' '/' st' " := (<a class="idref" href="Smallstep.html#cstep:242"><span class="id" title="inductive">cstep</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>).<br/>
</div>

<div class="doc">
<a id="lab181"></a><h1 class="section">Concurrent Imp</h1>

<div class="paragraph"> </div>

 Finally, to show the power of this definitional style, let's
    enrich Imp with a new form of command that runs two subcommands in
    parallel and terminates when both have terminated.  To reflect the
    unpredictability of scheduling, the actions of the subcommands may
    be interleaved in any order, but they share the same memory and
    can communicate by reading and writing the same variables. 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="CImp" class="idref" href="#CImp"><span class="id" title="module">CImp</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="CImp.com" class="idref" href="#CImp.com"><span class="id" title="inductive">com</span></a> : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;| <a id="CImp.CSkip" class="idref" href="#CImp.CSkip"><span class="id" title="constructor">CSkip</span></a> : <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CAsgn" class="idref" href="#CImp.CAsgn"><span class="id" title="constructor">CAsgn</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="inductive">aexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CSeq" class="idref" href="#CImp.CSeq"><span class="id" title="constructor">CSeq</span></a> : <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CIf" class="idref" href="#CImp.CIf"><span class="id" title="constructor">CIf</span></a> : <span class="id" title="inductive">bexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CWhile" class="idref" href="#CImp.CWhile"><span class="id" title="constructor">CWhile</span></a> : <span class="id" title="inductive">bexp</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CPar" class="idref" href="#CImp.CPar"><span class="id" title="constructor">CPar</span></a> : <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#com:271"><span class="id" title="inductive">com</span></a>. <span class="comment">(*&nbsp;&lt;---&nbsp;NEW&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>" class="idref" href="#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">&quot;</span></a>x || y" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#CImp.CPar"><span class="id" title="constructor">CPar</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 90, <span class="id" title="tactic">right</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="CImp.:com::'skip'" class="idref" href="#CImp.:com::'skip'"><span class="id" title="notation">&quot;</span></a>'skip'"  :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.CSkip"><span class="id" title="constructor">CSkip</span></a> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="d8973dfc731ad829b426e5a1b78f458b" class="idref" href="#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">&quot;</span></a>x := y"  :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#CImp.CAsgn"><span class="id" title="constructor">CAsgn</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0, <span class="id" title="var">x</span> <span class="id" title="keyword">constr</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">y</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 85, <span class="id" title="keyword">no</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="ed87b350c5fc502e1d186de268444506" class="idref" href="#ed87b350c5fc502e1d186de268444506"><span class="id" title="notation">&quot;</span></a>x ; y" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#CImp.CSeq"><span class="id" title="constructor">CSeq</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 90, <span class="id" title="tactic">right</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="CImp.:com::'if'_x_'then'_x_'else'_x_'end'" class="idref" href="#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">&quot;</span></a>'if' x 'then' y 'else' z 'end'" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#CImp.CIf"><span class="id" title="constructor">CIf</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span> <span class="id" title="var">z</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 89, <span class="id" title="var">x</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">y</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99, <span class="id" title="var">z</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99).<br/>
<span class="id" title="keyword">Notation</span> <a id="CImp.:com::'while'_x_'do'_x_'end'" class="idref" href="#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">&quot;</span></a>'while' x 'do' y 'end'" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#CImp.CWhile"><span class="id" title="constructor">CWhile</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">com</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 89, <span class="id" title="var">x</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99, <span class="id" title="var">y</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="CImp.cstep" class="idref" href="#CImp.cstep"><span class="id" title="inductive">cstep</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#CImp.com"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <span class="id" title="definition">state</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">)</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#CImp.com"><span class="id" title="inductive">com</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <span class="id" title="definition">state</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="comment">(*&nbsp;Old&nbsp;part:&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="CImp.CS_AsgnStep" class="idref" href="#CImp.CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:275" class="idref" href="#st:275"><span class="id" title="binder">st</span></a> <a id="i:276" class="idref" href="#i:276"><span class="id" title="binder">i</span></a> <a id="a<sub>1</sub>:277" class="idref" href="#a<sub>1</sub>:277"><span class="id" title="binder">a<sub>1</sub></span></a> <a id="a<sub>1</sub>':278" class="idref" href="#a<sub>1</sub>':278"><span class="id" title="binder">a<sub>1</sub>'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a<sub>1</sub>:277"><span class="id" title="variable">a<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:275"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#f223d501fd6c3a7e915ee72dd3a78dab"><span class="id" title="notation">a</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':278"><span class="id" title="variable">a<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:276"><span class="id" title="variable">i</span></a> <a class="idref" href="Smallstep.html#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">:=</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>:277"><span class="id" title="variable">a<sub>1</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:275"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:276"><span class="id" title="variable">i</span></a> <a class="idref" href="Smallstep.html#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">:=</span></a> <a class="idref" href="Smallstep.html#a<sub>1</sub>':278"><span class="id" title="variable">a<sub>1</sub>'</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:275"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_Asgn" class="idref" href="#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a> : <span class="id" title="keyword">∀</span> <a id="st:279" class="idref" href="#st:279"><span class="id" title="binder">st</span></a> <a id="i:280" class="idref" href="#i:280"><span class="id" title="binder">i</span></a> (<a id="n:281" class="idref" href="#n:281"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#i:280"><span class="id" title="variable">i</span></a> <a class="idref" href="Smallstep.html#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">:=</span></a> <a class="idref" href="Smallstep.html#n:281"><span class="id" title="variable">n</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:279"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#i:280"><span class="id" title="variable">i</span></a> <span class="id" title="notation">!<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <a class="idref" href="Smallstep.html#n:281"><span class="id" title="variable">n</span></a> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#st:279"><span class="id" title="variable">st</span></a><a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_SeqStep" class="idref" href="#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:282" class="idref" href="#st:282"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:283" class="idref" href="#c<sub>1</sub>:283"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>1</sub>':284" class="idref" href="#c<sub>1</sub>':284"><span class="id" title="binder">c<sub>1</sub>'</span></a> <a id="st':285" class="idref" href="#st':285"><span class="id" title="binder">st'</span></a> <a id="c<sub>2</sub>:286" class="idref" href="#c<sub>2</sub>:286"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#c<sub>1</sub>:283"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:282"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>':284"><span class="id" title="variable">c<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':285"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:283"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#ed87b350c5fc502e1d186de268444506"><span class="id" title="notation">;</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:286"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:282"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>':284"><span class="id" title="variable">c<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#ed87b350c5fc502e1d186de268444506"><span class="id" title="notation">;</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:286"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':285"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_SeqFinish" class="idref" href="#CImp.CS_SeqFinish"><span class="id" title="constructor">CS_SeqFinish</span></a> : <span class="id" title="keyword">∀</span> <a id="st:287" class="idref" href="#st:287"><span class="id" title="binder">st</span></a> <a id="c<sub>2</sub>:288" class="idref" href="#c<sub>2</sub>:288"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <a class="idref" href="Smallstep.html#ed87b350c5fc502e1d186de268444506"><span class="id" title="notation">;</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:288"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:287"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:288"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:287"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_IfStep" class="idref" href="#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a> : <span class="id" title="keyword">∀</span> <a id="st:289" class="idref" href="#st:289"><span class="id" title="binder">st</span></a> <a id="b<sub>1</sub>:290" class="idref" href="#b<sub>1</sub>:290"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="b<sub>1</sub>':291" class="idref" href="#b<sub>1</sub>':291"><span class="id" title="binder">b<sub>1</sub>'</span></a> <a id="c<sub>1</sub>:292" class="idref" href="#c<sub>1</sub>:292"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:293" class="idref" href="#c<sub>2</sub>:293"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#b<sub>1</sub>:290"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:289"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><a class="idref" href="Smallstep.html#b26f673e1b1d9b99d89d729449993cc<sub>5</sub>"><span class="id" title="notation">b</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>':291"><span class="id" title="variable">b<sub>1</sub>'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">if</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>:290"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">then</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:292"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">else</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:293"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:289"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">if</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>':291"><span class="id" title="variable">b<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">then</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:292"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">else</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:293"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:289"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_IfTrue" class="idref" href="#CImp.CS_IfTrue"><span class="id" title="constructor">CS_IfTrue</span></a> : <span class="id" title="keyword">∀</span> <a id="st:294" class="idref" href="#st:294"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:295" class="idref" href="#c<sub>1</sub>:295"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:296" class="idref" href="#c<sub>2</sub>:296"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">if</span></a> <span class="id" title="notation">true</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">then</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:295"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">else</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:296"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:294"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:295"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:294"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_IfFalse" class="idref" href="#CImp.CS_IfFalse"><span class="id" title="constructor">CS_IfFalse</span></a> : <span class="id" title="keyword">∀</span> <a id="st:297" class="idref" href="#st:297"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:298" class="idref" href="#c<sub>1</sub>:298"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:299" class="idref" href="#c<sub>2</sub>:299"><span class="id" title="binder">c<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">if</span></a> <span class="id" title="notation">false</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">then</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:298"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">else</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:299"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:297"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:299"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:297"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_While" class="idref" href="#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a> : <span class="id" title="keyword">∀</span> <a id="st:300" class="idref" href="#st:300"><span class="id" title="binder">st</span></a> <a id="b<sub>1</sub>:301" class="idref" href="#b<sub>1</sub>:301"><span class="id" title="binder">b<sub>1</sub></span></a> <a id="c<sub>1</sub>:302" class="idref" href="#c<sub>1</sub>:302"><span class="id" title="binder">c<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">while</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>:301"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">do</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:302"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:300"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">if</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>:301"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">then</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:302"><span class="id" title="variable">c<sub>1</sub></span></a><a class="idref" href="Smallstep.html#ed87b350c5fc502e1d186de268444506"><span class="id" title="notation">;</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">while</span></a> <a class="idref" href="Smallstep.html#b<sub>1</sub>:301"><span class="id" title="variable">b<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">do</span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>:302"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">end</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">else</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'if'_x_'then'_x_'else'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:300"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="comment">(*&nbsp;New&nbsp;part:&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="CImp.CS_Par1" class="idref" href="#CImp.CS_Par1"><span class="id" title="constructor">CS_Par1</span></a> : <span class="id" title="keyword">∀</span> <a id="st:303" class="idref" href="#st:303"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:304" class="idref" href="#c<sub>1</sub>:304"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>1</sub>':305" class="idref" href="#c<sub>1</sub>':305"><span class="id" title="binder">c<sub>1</sub>'</span></a> <a id="c<sub>2</sub>:306" class="idref" href="#c<sub>2</sub>:306"><span class="id" title="binder">c<sub>2</sub></span></a> <a id="st':307" class="idref" href="#st':307"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#c<sub>1</sub>:304"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:303"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>1</sub>':305"><span class="id" title="variable">c<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':307"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:304"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:306"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:303"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>':305"><span class="id" title="variable">c<sub>1</sub>'</span></a> <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:306"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':307"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_Par2" class="idref" href="#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a> : <span class="id" title="keyword">∀</span> <a id="st:308" class="idref" href="#st:308"><span class="id" title="binder">st</span></a> <a id="c<sub>1</sub>:309" class="idref" href="#c<sub>1</sub>:309"><span class="id" title="binder">c<sub>1</sub></span></a> <a id="c<sub>2</sub>:310" class="idref" href="#c<sub>2</sub>:310"><span class="id" title="binder">c<sub>2</sub></span></a> <a id="c<sub>2</sub>':311" class="idref" href="#c<sub>2</sub>':311"><span class="id" title="binder">c<sub>2</sub>'</span></a> <a id="st':312" class="idref" href="#st':312"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#c<sub>2</sub>:310"><span class="id" title="variable">c<sub>2</sub></span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:308"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>':311"><span class="id" title="variable">c<sub>2</sub>'</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':312"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:309"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>:310"><span class="id" title="variable">c<sub>2</sub></span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:308"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#c<sub>1</sub>:309"><span class="id" title="variable">c<sub>1</sub></span></a> <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#c<sub>2</sub>':311"><span class="id" title="variable">c<sub>2</sub>'</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':312"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="CImp.CS_ParDone" class="idref" href="#CImp.CS_ParDone"><span class="id" title="constructor">CS_ParDone</span></a> : <span class="id" title="keyword">∀</span> <a id="st:313" class="idref" href="#st:313"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:313"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <span class="id" title="notation">&lt;{</span> <a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a> <span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:313"><span class="id" title="variable">st</span></a><br/>
<br/>
&nbsp;&nbsp;<span class="id" title="keyword">where</span> <a id="88d537a787a18ee622b01c601a62342a" class="idref" href="#88d537a787a18ee622b01c601a62342a"><span class="id" title="notation">&quot;</span></a> t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' '/' st' " := (<a class="idref" href="Smallstep.html#cstep:274"><span class="id" title="inductive">cstep</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="CImp.cmultistep" class="idref" href="#CImp.cmultistep"><span class="id" title="definition">cmultistep</span></a> := <a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#CImp.cstep"><span class="id" title="inductive">cstep</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="1ac4746b7263e82a2c39e7596bcbcd58" class="idref" href="#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">&quot;</span></a> t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>' t' '/' st' " :=<br/>
&nbsp;&nbsp;&nbsp;(<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="Smallstep.html#CImp.cstep"><span class="id" title="inductive">cstep</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>)<br/>
&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39, <span class="id" title="var">t'</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/>
</div>

<div class="doc">
Among the many interesting properties of this language is the fact
    that the following program can terminate with the variable <span class="inlinecode"><span class="id" title="var">X</span></span> set
    to any value. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="CImp.par_loop" class="idref" href="#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> : <a class="idref" href="Smallstep.html#CImp.com"><span class="id" title="inductive">com</span></a> :=<br/>
&nbsp;&nbsp;<span class="id" title="notation">&lt;{</span> <span class="id" title="definition">Y</span> <a class="idref" href="Smallstep.html#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">:=</span></a> 1 <a class="idref" href="Smallstep.html#d6b7010d9ad45e09152f6559d8ee4de<sub>6</sub>"><span class="id" title="notation">||</span></a> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">while</span></a> <span class="id" title="notation">(</span><span class="id" title="definition">Y</span> <span class="id" title="notation">=</span> 0<span class="id" title="notation">)</span> <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">do</span></a> <span class="id" title="definition">X</span> <a class="idref" href="Smallstep.html#d8973dfc731ad829b426e5a1b78f458b"><span class="id" title="notation">:=</span></a> <span class="id" title="definition">X</span> <span class="id" title="notation">+</span> 1 <a class="idref" href="Smallstep.html#CImp.:com::'while'_x_'do'_x_'end'"><span class="id" title="notation">end</span></a> <span class="id" title="notation">}&gt;</span>.<br/>
</div>

<div class="doc">
In particular, it can terminate with <span class="inlinecode"><span class="id" title="var">X</span></span> set to <span class="inlinecode">0</span>: 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="CImp.par_loop_example_0" class="idref" href="#CImp.par_loop_example_0"><span class="id" title="definition">par_loop_example_0</span></a>:<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="st':314" class="idref" href="#st':314"><span class="id" title="binder">st'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <span class="id" title="definition">empty_st</span>  <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <span class="id" title="notation">&lt;{</span><a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a><span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':314"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st':314"><span class="id" title="variable">st'</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 0.<br/>
<div class="togglescript" id="proofcontrol13" onclick="toggleDisplay('proof13');toggleDisplay('proofcontrol13')"><span class="show"></span></div>
<div class="proofscript" id="proof13" onclick="toggleDisplay('proof13');toggleDisplay('proofcontrol13')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par1"><span class="id" title="constructor">CS_Par1</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfFalse"><span class="id" title="constructor">CS_IfFalse</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_ParDone"><span class="id" title="constructor">CS_ParDone</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">reflexivity</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
It can also terminate with <span class="inlinecode"><span class="id" title="var">X</span></span> set to <span class="inlinecode">2</span>: 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="CImp.par_loop_example_2" class="idref" href="#CImp.par_loop_example_2"><span class="id" title="definition">par_loop_example_2</span></a>:<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="st':315" class="idref" href="#st':315"><span class="id" title="binder">st'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <span class="id" title="definition">empty_st</span> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <span class="id" title="notation">&lt;{</span><a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a><span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':315"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st':315"><span class="id" title="variable">st'</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 2.<br/>
<div class="togglescript" id="proofcontrol14" onclick="toggleDisplay('proof14');toggleDisplay('proofcontrol14')"><span class="show"></span></div>
<div class="proofscript" id="proof14" onclick="toggleDisplay('proof14');toggleDisplay('proofcontrol14')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfTrue"><span class="id" title="constructor">CS_IfTrue</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Plus1"><span class="id" title="constructor">AS_Plus1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Plus"><span class="id" title="constructor">AS_Plus</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqFinish"><span class="id" title="constructor">CS_SeqFinish</span></a>.<br/><hr class='doublespaceincode'/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfTrue"><span class="id" title="constructor">CS_IfTrue</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Plus1"><span class="id" title="constructor">AS_Plus1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_AsgnStep"><span class="id" title="constructor">CS_AsgnStep</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Plus"><span class="id" title="constructor">AS_Plus</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqStep"><span class="id" title="constructor">CS_SeqStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a>.<br/><hr class='doublespaceincode'/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par1"><span class="id" title="constructor">CS_Par1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_SeqFinish"><span class="id" title="constructor">CS_SeqFinish</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfFalse"><span class="id" title="constructor">CS_IfFalse</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_ParDone"><span class="id" title="constructor">CS_ParDone</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">reflexivity</span>. <span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
More generally... 
<div class="paragraph"> </div>

<a id="lab182"></a><h4 class="section">Exercise: 3 stars, standard, optional (par_body_n__Sn)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="CImp.par_body_n__Sn" class="idref" href="#CImp.par_body_n__Sn"><span class="id" title="lemma">par_body_n__Sn</span></a> : <span class="id" title="keyword">∀</span> <a id="n:316" class="idref" href="#n:316"><span class="id" title="binder">n</span></a> <a id="st:317" class="idref" href="#st:317"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#st:317"><span class="id" title="variable">st</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#n:316"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st:317"><span class="id" title="variable">st</span></a> <span class="id" title="definition">Y</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:317"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">(</span></a><span class="id" title="definition">X</span> <span class="id" title="notation">!<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <a class="idref" href="Smallstep.html#n:316"><span class="id" title="variable">n</span></a> <span class="id" title="notation">;</span> <a class="idref" href="Smallstep.html#st:317"><span class="id" title="variable">st</span></a><a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab183"></a><h4 class="section">Exercise: 3 stars, standard, optional (par_body_n)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Lemma</span> <a id="CImp.par_body_n" class="idref" href="#CImp.par_body_n"><span class="id" title="lemma">par_body_n</span></a> : <span class="id" title="keyword">∀</span> <a id="n:318" class="idref" href="#n:318"><span class="id" title="binder">n</span></a> <a id="st:319" class="idref" href="#st:319"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#st:319"><span class="id" title="variable">st</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st:319"><span class="id" title="variable">st</span></a> <span class="id" title="definition">Y</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 0 <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="st':320" class="idref" href="#st':320"><span class="id" title="binder">st'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st:319"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a>  <a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':320"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st':320"><span class="id" title="variable">st'</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#n:318"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st':320"><span class="id" title="variable">st'</span></a> <span class="id" title="definition">Y</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> 0.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 ... the above loop can exit with <span class="inlinecode"><span class="id" title="var">X</span></span> having any value
    whatsoever. 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="CImp.par_loop_any_X" class="idref" href="#CImp.par_loop_any_X"><span class="id" title="lemma">par_loop_any_X</span></a>:<br/>
&nbsp;&nbsp;<span class="id" title="keyword">∀</span> <a id="n:321" class="idref" href="#n:321"><span class="id" title="binder">n</span></a>, <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="st':322" class="idref" href="#st':322"><span class="id" title="binder">st'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <span class="id" title="definition">empty_st</span> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a>  <span class="id" title="notation">&lt;{</span><a class="idref" href="Smallstep.html#CImp.:com::'skip'"><span class="id" title="notation">skip</span></a><span class="id" title="notation">}&gt;</span> <a class="idref" href="Smallstep.html#1ac4746b7263e82a2c39e7596bcbcd58"><span class="id" title="notation">/</span></a> <a class="idref" href="Smallstep.html#st':322"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#st':322"><span class="id" title="variable">st'</span></a> <span class="id" title="definition">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="Smallstep.html#n:321"><span class="id" title="variable">n</span></a>.<br/>
<div class="togglescript" id="proofcontrol15" onclick="toggleDisplay('proof15');toggleDisplay('proofcontrol15')"><span class="show"></span></div>
<div class="proofscript" id="proof15" onclick="toggleDisplay('proof15');toggleDisplay('proofcontrol15')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">n</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> (<a class="idref" href="Smallstep.html#CImp.par_body_n"><span class="id" title="axiom">par_body_n</span></a> <span class="id" title="var">n</span> <span class="id" title="definition">empty_st</span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>; <span class="id" title="tactic">reflexivity</span>.<br/><hr class='doublespaceincode'/>
&nbsp;&nbsp;<span class="id" title="tactic">rename</span> <span class="id" title="var">x</span> <span class="id" title="var">into</span> <span class="id" title="var">st</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">H</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">H'</span> [<span class="id" title="var">HX</span> <span class="id" title="var">HY</span>] ]; <span class="id" title="tactic">clear</span> <span class="id" title="var">H</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<span class="id" title="definition">Y</span> <span class="id" title="notation">!<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> 1 <span class="id" title="notation">;</span> <span class="id" title="var">st</span>). <span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_trans"><span class="id" title="lemma">multi_trans</span></a> <span class="id" title="keyword">with</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#CImp.par_loop"><span class="id" title="definition">par_loop</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">H'</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par1"><span class="id" title="constructor">CS_Par1</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Asgn"><span class="id" title="constructor">CS_Asgn</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_While"><span class="id" title="constructor">CS_While</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq<sub>1</sub>"><span class="id" title="constructor">BS_Eq<sub>1</sub></span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#AS_Id"><span class="id" title="constructor">AS_Id</span></a>. <span class="id" title="tactic">rewrite</span> <span class="id" title="axiom">t_update_eq</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfStep"><span class="id" title="constructor">CS_IfStep</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#BS_Eq"><span class="id" title="constructor">BS_Eq</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_Par2"><span class="id" title="constructor">CS_Par2</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_IfFalse"><span class="id" title="constructor">CS_IfFalse</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#CImp.CS_ParDone"><span class="id" title="constructor">CS_ParDone</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/><hr class='doublespaceincode'/>
&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="axiom">t_update_neq</span>. <span class="id" title="tactic">assumption</span>. <span class="id" title="tactic">intro</span> <span class="id" title="var">X</span>; <span class="id" title="tactic">inversion</span> <span class="id" title="var">X</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">End</span> <a class="idref" href="Smallstep.html#CImp"><span class="id" title="module">CImp</span></a>.<br/>
</div>

<div class="doc">
<a id="lab184"></a><h1 class="section">A Small-Step Stack Machine</h1>

<div class="paragraph"> </div>

 Our last example is a small-step semantics for the stack machine
    example from the <a href="https://softwarefoundations.cis.upenn.edu/lf-current/Imp.html"><span class="inlineref">Imp</span></a> chapter of <i>Logical Foundations</i>. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="stack" class="idref" href="#stack"><span class="id" title="definition">stack</span></a> := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>.<br/>
<span class="id" title="keyword">Definition</span> <a id="prog" class="idref" href="#prog"><span class="id" title="definition">prog</span></a>  := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <span class="id" title="inductive">sinstr</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="stack_step" class="idref" href="#stack_step"><span class="id" title="inductive">stack_step</span></a> (<a id="st:323" class="idref" href="#st:323"><span class="id" title="binder">st</span></a> : <span class="id" title="definition">state</span>) : <a class="idref" href="Smallstep.html#prog"><span class="id" title="definition">prog</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="Smallstep.html#stack"><span class="id" title="definition">stack</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="Smallstep.html#prog"><span class="id" title="definition">prog</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="Smallstep.html#stack"><span class="id" title="definition">stack</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="SS_Push" class="idref" href="#SS_Push"><span class="id" title="constructor">SS_Push</span></a> : <span class="id" title="keyword">∀</span> <a id="stk:326" class="idref" href="#stk:326"><span class="id" title="binder">stk</span></a> <a id="n:327" class="idref" href="#n:327"><span class="id" title="binder">n</span></a> <a id="p:328" class="idref" href="#p:328"><span class="id" title="binder">p</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#stack_step:324"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="constructor">SPush</span> <a class="idref" href="Smallstep.html#n:327"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#p:328"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#stk:326"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>      <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#p:328"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#n:327"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#stk:326"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="SS_Load" class="idref" href="#SS_Load"><span class="id" title="constructor">SS_Load</span></a> : <span class="id" title="keyword">∀</span> <a id="stk:329" class="idref" href="#stk:329"><span class="id" title="binder">stk</span></a> <a id="i:330" class="idref" href="#i:330"><span class="id" title="binder">i</span></a> <a id="p:331" class="idref" href="#p:331"><span class="id" title="binder">p</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#stack_step:324"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="constructor">SLoad</span> <a class="idref" href="Smallstep.html#i:330"><span class="id" title="variable">i</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#p:331"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#stk:329"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>      <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#p:331"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="Smallstep.html#i:330"><span class="id" title="variable">i</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#stk:329"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="SS_Plus" class="idref" href="#SS_Plus"><span class="id" title="constructor">SS_Plus</span></a> : <span class="id" title="keyword">∀</span> <a id="stk:332" class="idref" href="#stk:332"><span class="id" title="binder">stk</span></a> <a id="n:333" class="idref" href="#n:333"><span class="id" title="binder">n</span></a> <a id="m:334" class="idref" href="#m:334"><span class="id" title="binder">m</span></a> <a id="p:335" class="idref" href="#p:335"><span class="id" title="binder">p</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#stack_step:324"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="constructor">SPlus</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#p:335"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#n:333"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#m:334"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#stk:332"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#p:335"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#m:334"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#0dacc1786c5ba797d47dd85006231633"><span class="id" title="notation">+</span></a><a class="idref" href="Smallstep.html#n:333"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">)::</span></a><a class="idref" href="Smallstep.html#stk:332"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="SS_Minus" class="idref" href="#SS_Minus"><span class="id" title="constructor">SS_Minus</span></a> : <span class="id" title="keyword">∀</span> <a id="stk:336" class="idref" href="#stk:336"><span class="id" title="binder">stk</span></a> <a id="n:337" class="idref" href="#n:337"><span class="id" title="binder">n</span></a> <a id="m:338" class="idref" href="#m:338"><span class="id" title="binder">m</span></a> <a id="p:339" class="idref" href="#p:339"><span class="id" title="binder">p</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#stack_step:324"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="constructor">SMinus</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#p:339"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#n:337"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#m:338"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#stk:336"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#p:339"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#m:338"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#::nat_scope:x_'-'_x"><span class="id" title="notation">-</span></a><a class="idref" href="Smallstep.html#n:337"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">)::</span></a><a class="idref" href="Smallstep.html#stk:336"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="SS_Mult" class="idref" href="#SS_Mult"><span class="id" title="constructor">SS_Mult</span></a> : <span class="id" title="keyword">∀</span> <a id="stk:340" class="idref" href="#stk:340"><span class="id" title="binder">stk</span></a> <a id="n:341" class="idref" href="#n:341"><span class="id" title="binder">n</span></a> <a id="m:342" class="idref" href="#m:342"><span class="id" title="binder">m</span></a> <a id="p:343" class="idref" href="#p:343"><span class="id" title="binder">p</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="Smallstep.html#stack_step:324"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:323"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="constructor">SMult</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="Smallstep.html#p:343"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="Smallstep.html#n:341"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#m:342"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="Smallstep.html#stk:340"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#p:343"><span class="id" title="variable">p</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#m:342"><span class="id" title="variable">m</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ea2ff3d561159081cea6fb2e8113cc<sub>54</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="Smallstep.html#n:341"><span class="id" title="variable">n</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">)::</span></a><a class="idref" href="Smallstep.html#stk:340"><span class="id" title="variable">stk</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Theorem</span> <a id="stack_step_deterministic" class="idref" href="#stack_step_deterministic"><span class="id" title="lemma">stack_step_deterministic</span></a> : <span class="id" title="keyword">∀</span> <a id="st:344" class="idref" href="#st:344"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a> (<a class="idref" href="Smallstep.html#stack_step"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:344"><span class="id" title="variable">st</span></a>).<br/>
<div class="togglescript" id="proofcontrol16" onclick="toggleDisplay('proof16');toggleDisplay('proofcontrol16')"><span class="show"></span></div>
<div class="proofscript" id="proof16" onclick="toggleDisplay('proof16');toggleDisplay('proofcontrol16')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="Smallstep.html#deterministic"><span class="id" title="definition">deterministic</span></a>. <span class="id" title="tactic">intros</span> <span class="id" title="var">st</span> <span class="id" title="var">x</span> <span class="id" title="var">y<sub>1</sub></span> <span class="id" title="var">y<sub>2</sub></span> <span class="id" title="var">H<sub>1</sub></span> <span class="id" title="var">H<sub>2</sub></span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">H<sub>1</sub></span>; <span class="id" title="tactic">inversion</span> <span class="id" title="var">H<sub>2</sub></span>; <span class="id" title="tactic">reflexivity</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Definition</span> <a id="stack_multistep" class="idref" href="#stack_multistep"><span class="id" title="definition">stack_multistep</span></a> <a id="st:345" class="idref" href="#st:345"><span class="id" title="binder">st</span></a> := <a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> (<a class="idref" href="Smallstep.html#stack_step"><span class="id" title="inductive">stack_step</span></a> <a class="idref" href="Smallstep.html#st:345"><span class="id" title="variable">st</span></a>).<br/>
</div>

<div class="doc">
<a id="lab185"></a><h4 class="section">Exercise: 3 stars, advanced (compiler_is_correct)</h4>
 Remember the definition of <span class="inlinecode"><span class="id" title="var">compile</span></span> for <span class="inlinecode"><span class="id" title="var">aexp</span></span> given in the
    <a href="https://softwarefoundations.cis.upenn.edu/lf-current/Imp.html"><span class="inlineref">Imp</span></a> chapter of <i>Logical Foundations</i>. We want now to
    prove <span class="inlinecode"><span class="id" title="var">s_compile</span></span> correct with respect to the stack machine.

<div class="paragraph"> </div>

    Copy your definition of <span class="inlinecode"><span class="id" title="var">s_compile</span></span> from Imp here, then state
    what it means for the compiler to be correct according to the
    stack machine small step semantics, and then prove it. 
</div>
<div class="code">

<span class="comment">(*&nbsp;Copy&nbsp;your&nbsp;definition&nbsp;of&nbsp;s_compile&nbsp;here&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="compiler_is_correct_statement" class="idref" href="#compiler_is_correct_statement"><span class="id" title="definition">compiler_is_correct_statement</span></a> : <span class="id" title="keyword">Prop</span><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;REPLACE&nbsp;THIS&nbsp;LINE&nbsp;WITH&nbsp;":=&nbsp;_your_definition_&nbsp;."&nbsp;*)</span>. <span class="id" title="var">Admitted</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Theorem</span> <a id="compiler_is_correct" class="idref" href="#compiler_is_correct"><span class="id" title="lemma">compiler_is_correct</span></a> : <a class="idref" href="Smallstep.html#compiler_is_correct_statement"><span class="id" title="axiom">compiler_is_correct_statement</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab186"></a><h1 class="section">Aside: A <span class="inlinecode"><span class="id" title="var">normalize</span></span> Tactic</h1>

<div class="paragraph"> </div>

 When experimenting with definitions of programming languages
    in Coq, we often want to see what a particular concrete term steps
    to -- i.e., we want to find proofs for goals of the form <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span>
    <span class="inlinecode"><span class="id" title="var">t'</span></span>, where <span class="inlinecode"><span class="id" title="var">t</span></span> is a completely concrete term and <span class="inlinecode"><span class="id" title="var">t'</span></span> is unknown.
    These proofs are quite tedious to do by hand.  Consider, for
    example, reducing an arithmetic expression using the small-step
    relation <span class="inlinecode"><span class="id" title="var">astep</span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="step_example1" class="idref" href="#step_example1"><span class="id" title="definition">step_example1</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 10<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span> (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 7)).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_Plus2"><span class="id" title="constructor">ST_Plus2</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#v_const"><span class="id" title="constructor">v_const</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> <span class="id" title="keyword">with</span> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 10).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#ST_PlusConstConst"><span class="id" title="constructor">ST_PlusConstConst</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
The proof repeatedly applies <span class="inlinecode"><span class="id" title="var">multi_step</span></span> until the term reaches a
    normal form.  Fortunately The sub-proofs for the intermediate
    steps are simple enough that <span class="inlinecode"><span class="id" title="tactic">auto</span></span>, with appropriate hints, can
    solve them. 
</div>
<div class="code">

<span class="id" title="keyword">Hint Constructors</span> <a class="idref" href="Smallstep.html#step"><span class="id" title="inductive">step</span></a> <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> : <span class="id" title="var">core</span>.<br/>
<span class="id" title="keyword">Example</span> <a id="step_example1'" class="idref" href="#step_example1'"><span class="id" title="definition">step_example1'</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 10<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">auto</span>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a>. <span class="id" title="tactic">auto</span>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
The following custom <span class="inlinecode"><span class="id" title="keyword">Tactic</span></span> <span class="inlinecode"><span class="id" title="keyword">Notation</span></span> definition captures this
    pattern.  In addition, before each step, we print out the current
    goal, so that we can follow how the term is being reduced. 
</div>
<div class="code">

<span class="id" title="keyword">Tactic Notation</span> "print_goal" :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <span class="id" title="keyword">goal</span> <span class="id" title="keyword">with</span> &#x22A2; ?<span class="id" title="var">x</span> ⇒ <span class="id" title="tactic">idtac</span> <span class="id" title="var">x</span> <span class="id" title="keyword">end</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Tactic Notation</span> "normalize" :=<br/>
&nbsp;&nbsp;<span class="id" title="tactic">repeat</span> (<span class="id" title="var">print_goal</span>; <span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> ;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[ (<span class="id" title="tactic">eauto</span> 10; <span class="id" title="tactic">fail</span>) | (<span class="id" title="tactic">instantiate</span>; <span class="id" title="tactic">simpl</span>)]);<br/>
&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Example</span> <a id="step_example1''" class="idref" href="#step_example1''"><span class="id" title="definition">step_example1''</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 10<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="var">normalize</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;The&nbsp;<span class="inlinecode"><span class="id" title="var">print_goal</span></span>&nbsp;in&nbsp;the&nbsp;<span class="inlinecode"><span class="id" title="var">normalize</span></span>&nbsp;tactic&nbsp;shows<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;a&nbsp;trace&nbsp;of&nbsp;how&nbsp;the&nbsp;expression&nbsp;reduced...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(P&nbsp;(C&nbsp;3)&nbsp;(P&nbsp;(C&nbsp;3)&nbsp;(C&nbsp;4))&nbsp;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>&nbsp;C&nbsp;10)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(P&nbsp;(C&nbsp;3)&nbsp;(C&nbsp;7)&nbsp;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>&nbsp;C&nbsp;10)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(C&nbsp;10&nbsp;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>&nbsp;C&nbsp;10)<br/>
&nbsp;&nbsp;*)</span><br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
The <span class="inlinecode"><span class="id" title="var">normalize</span></span> tactic also provides a simple way to calculate the
    normal form of a term, by starting with a goal with an existentially
    bound variable. 
</div>
<div class="code">

<span class="id" title="keyword">Example</span> <a id="step_example1'''" class="idref" href="#step_example1'''"><span class="id" title="definition">step_example1'''</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="e':346" class="idref" href="#e':346"><span class="id" title="binder">e'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 4))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#e':346"><span class="id" title="variable">e'</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="var">normalize</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
This time, the trace is:
<br/>
<span class="inlinecode">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="var">P</span> (<span class="id" title="var">C</span> 3) (<span class="id" title="var">P</span> (<span class="id" title="var">C</span> 3) (<span class="id" title="var">C</span> 4)) <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span> ?<span class="id" title="var">e'</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="var">P</span> (<span class="id" title="var">C</span> 3) (<span class="id" title="var">C</span> 7) <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span> ?<span class="id" title="var">e'</span>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="var">C</span> 10 <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span> ?<span class="id" title="var">e'</span>)
</span>   where <span class="inlinecode">?<span class="id" title="var">e'</span></span> is the variable ``guessed'' by eapply. 
<div class="paragraph"> </div>

<a id="lab187"></a><h4 class="section">Exercise: 1 star, standard (normalize_ex)</h4>

</div>
<div class="code">
<span class="id" title="keyword">Theorem</span> <a id="normalize_ex" class="idref" href="#normalize_ex"><span class="id" title="lemma">normalize_ex</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="e':347" class="idref" href="#e':347"><span class="id" title="binder">e'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 1))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#e':347"><span class="id" title="variable">e'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#e':347"><span class="id" title="variable">e'</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

<a id="lab188"></a><h4 class="section">Exercise: 1 star, standard, optional (normalize_ex')</h4>
 For comparison, prove it using <span class="inlinecode"><span class="id" title="tactic">apply</span></span> instead of <span class="inlinecode"><span class="id" title="tactic">eapply</span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="normalize_ex'" class="idref" href="#normalize_ex'"><span class="id" title="lemma">normalize_ex'</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="e':348" class="idref" href="#e':348"><span class="id" title="binder">e'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">(</span></a><a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 3) (<a class="idref" href="Smallstep.html#P"><span class="id" title="constructor">P</span></a> (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 2) (<a class="idref" href="Smallstep.html#C"><span class="id" title="constructor">C</span></a> 1))<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="Smallstep.html#a781e4b1e2c022f0326182a9bd099911"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a> <a class="idref" href="Smallstep.html#e':348"><span class="id" title="variable">e'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a> <a class="idref" href="Smallstep.html#value"><span class="id" title="inductive">value</span></a> <a class="idref" href="Smallstep.html#e':348"><span class="id" title="variable">e'</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="code">

<span class="comment">(*&nbsp;2021-08-11&nbsp;15:11&nbsp;*)</span><br/>
</div>
</div>

<div id="footer">
<hr/><a href="coqindex.html">Index</a><hr/>This page has been generated by <a href="http://coq.inria.fr/">coqdoc</a>
</div>

</div>

</body>
</html>